AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
BID:13553
Info
AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
| Bugtraq ID: | 13553 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2005 12:00AM |
| Updated: | May 09 2005 12:00AM |
| Credit: | Discovery of this issue is credited to <[email protected]>. |
| Vulnerable: |
AOL Instant Messenger 5.5.3595 AOL Instant Messenger 5.5.3415 Beta AOL Instant Messenger 5.5 AOL Instant Messenger 5.2.3292 AOL Instant Messenger 5.1.3036 AOL Instant Messenger 5.0.2938 AOL Instant Messenger 4.8.2790 AOL Instant Messenger 4.8.2616 AOL Instant Messenger 4.8 .2646 AOL Instant Messenger 4.7.2480 AOL Instant Messenger 4.7 AOL Instant Messenger 4.6 AOL Instant Messenger 4.5 AOL Instant Messenger 4.4 AOL Instant Messenger 4.3.2229 AOL Instant Messenger 4.3 AOL Instant Messenger 4.2.1193 AOL Instant Messenger 4.2 AOL Instant Messenger 4.1.2010 AOL Instant Messenger 4.1 AOL Instant Messenger 4.0 AOL Instant Messenger 3.5.1856 AOL Instant Messenger 3.5 .1808 AOL Instant Messenger 3.5 .1670 AOL Instant Messenger 3.5 .1635 AOL Instant Messenger 3.0.1415 AOL Instant Messenger 3.0 N AOL Instant Messenger 3.0 .1470 AOL Instant Messenger 2.5 .1598 AOL Instant Messenger 2.5 .1366 AOL Instant Messenger 2.1.1236 AOL Instant Messenger 2.0.996 AOL Instant Messenger 2.0.912 AOL Instant Messenger 2.0 N AOL Instant Messenger 1.2 AOL Instant Messenger 5.9.3702 |
| Not Vulnerable: | |
Discussion
AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
AOL Instant Messenger is reported prone to a remote denial of service vulnerability.
The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon.
Reports indicate that the issue manifests because of a buffer overflow condition this, however, is not confirmed.
A remote attacker may leverage this condition to crash a target AOL Instant Messenger client. Other attacks may also be possible.
AOL Instant Messenger is reported prone to a remote denial of service vulnerability.
The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon.
Reports indicate that the issue manifests because of a buffer overflow condition this, however, is not confirmed.
A remote attacker may leverage this condition to crash a target AOL Instant Messenger client. Other attacks may also be possible.
Exploit / POC
AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
The following example is available:
"DO NOT COPY AND PASTE OR IT WILL CRASH U" <fontsml=.>..<font sml= .></font>
The following example is available:
"DO NOT COPY AND PASTE OR IT WILL CRASH U" <fontsml=.>..<font sml= .></font>
Solution / Fix
AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
References:
References: