vendor: AIM
by: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 120 (Buffer Overflow)
Product Name: AIM
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-0651
CPE: a:aol:aim
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002
AOL Instant Messenger Buffer Overflow Vulnerability
A vulnerability exists in the way that AOL Instant Messenger (AIM) parses a game request with a TLV (type, length, value) type of 0x2711. This type of game request is prone to a buffer overflow, which could allow a remote user to obtain the same privileges as the user who is currently logged on. There is currently no way for an AIM user to block this type of request.
Mitigation:
AOL has made modifications to their AIM servers to prevent this vulnerability from being exploited through their servers. However, the underlying problem still exists in the client software, which could still be exploited using something similar to a man-in-the-middle attack or if an attacker can bypass the filters on the AIM servers.