A buffer overflow exists in the AOL Instant Messenger (AIM) client versions 3.5.x and prior when accepting the screenname from the command line, or through the aim protocol.
AIM installs a protocol on the machine that enables people to post links on their websites, or send them in email messages to friends. For example:
<a href="aim:goim?screenname=myname">Send me an instant message here.</a>
A denial of service against the client can occur.
Upgrade to a version of AIM higher than 3.5.x.
AOL Time Warner
This vulnerability was discovered by Joe Testa.
This document was written by Jason Rafail.
|Date First Published:||2002-01-16|
|Date Last Updated:||2002-01-31 21:53 UTC|