header-logo
Suggest Exploit
vendor:
Instant Messenger (AIM)
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Instant Messenger (AIM)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

AOL Instant Messenger (AIM) Buffer Overflow Vulnerability

A vulnerability exists in the way that AIM parses a game request with a TLV (type, length, value) type of 0x2711. This type of game request is prone to a buffer overflow which could allow a remote user to obtain the same privileges of the user who is currently logged on.

Mitigation:

AOL has made modifications to their AIM servers to prevent this vulnerability from being exploited through their servers. However, the underlying problem still exists in the client software which could still be exploited using something similar to a man in the middle attack or if an attacker can bypass the filters on the AIM servers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3769/info

AOL Instant Messenger (AIM) is a real time messaging service.

The vulnerability exists in the way that AIM parses a game request with a TLV (type, length, value) type of 0x2711. This type of game request is prone to a buffer overflow which could allow a remote user to obtain the same privileges of the user who is currently logged on.

It is important to note that there is currently no way for an AIM user to block this type of request.

**AOL has made modifications to their AIM servers to prevent this vulnerability from being exploited through their servers. However, the underlying problem still exists in the client software which could still be exploited using something similar to a man in the middle attack or if an attacker can bypass the filters on the AIM servers. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21196.tgz

Navigation

Suggest Exploit

Services By CQR