Vulnerability Note VU#41301
AOL Instant Messenger buffer overflow in screename
A buffer overflow exists in the AOL Instant Messenger (AIM) client versions 3.5.x and prior when accepting the screenname from the command line, or through the aim protocol.
AIM installs a protocol on the machine that enables people to post links on their websites, or send them in email messages to friends. For example:
<a href="aim:goim?screenname=myname">Send me an instant message here.</a>
A denial of service against the client can occur.
Upgrade to a version of AIM higher than 3.5.x.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AOL Time Warner||Affected||17 Oct 2001||10 Jan 2002|
CVSS Metrics (Learn More)
This vulnerability was discovered by Joe Testa.
This document was written by Jason Rafail.
- CVE IDs: Unknown
- Date Public: 15 Mar 2000
- Date First Published: 16 Jan 2002
- Date Last Updated: 31 Jan 2002
- Severity Metric: 1.06
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.