AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window and in some cases the operating system(OS).
AIM for Windows stores font names in the messages sent from one client to another. By using numerous fonts, and sending a html division line <HR>, an attacker can cause the victim's client to crash.
By repeatedly sending this message, a continued denial of service can be caused.
This has been resolved in AIM for Windows beta version 4.8.2540.
AIM permits the user to only accept messages from known/trusted peers. Enable this feature.
This vulnerability was discovered by Robbie Saunders.
This document was written by Jason Rafail.
|Date First Published:||2002-01-14|
|Date Last Updated:||2002-01-14 18:28 UTC|