AOL Instant Messenger %s DoS Vulnerability
BID:1747
Info
| Bugtraq ID: | 1747 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 03 2000 12:00AM |
| Updated: | Oct 03 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Adam Spun <[email protected]> on Oct 3, 2000. |
| Vulnerable: | AOL Instant Messenger 4.1.2010 |
| Not Vulnerable: | |
Discussion
AOL Instant Messenger is a real-time messaging service for users who are online.
The version of AOL Instant Messenger that is shipped with Netscape is subject to a denial of service. When a file whose name consists of an unusual number of '%s' sequences is transferred to a remote user running Windows NT or 2000, AOL Instant Messenger crashes while attempting to display the filename in the Instant Messenger window. The application must be restarted to regain normal functionality.
Example filename: %s%s%s%s%s%s%s%s%s%s.jpg
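The following C sketch is an added example, not code from AOL Instant Messenger or from the original advisory. It assumes the crash comes from the received filename being used as a printf-style format string, which the advisory does not confirm; the function names and the notice text are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifiers in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
static int count_format_specifiers(const char *name)
{
    int count = 0;
    for (size_t i = 0; name[i] != '\0'; i++) {
        if (name[i] != '%')
            continue;
        if (name[i + 1] == '%') {   /* escaped percent: skip both characters */
            i++;
            continue;
        }
        if (name[i + 1] != '\0')    /* '%' followed by anything else */
            count++;
    }
    return count;
}

/* Build the text shown for an incoming transfer (hypothetical helper).
 * Unsafe pattern (assumed root cause): snprintf(out, outlen, filename);
 * there the peer-supplied name is the format string, and each "%s" makes
 * the formatter read a string pointer that was never passed.
 * Safe pattern: a constant format string, with the name passed as data.
 * Returns 0 on success, -1 if the output was truncated or formatting failed. */
static int format_transfer_notice(char *out, size_t outlen, const char *filename)
{
    int n = snprintf(out, outlen, "Incoming file: %s", filename);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    const char *name = "%s%s%s%s%s%s%s%s%s%s.jpg"; /* example filename from the advisory */
    char notice[128];

    if (format_transfer_notice(notice, sizeof notice, name) == 0)
        puts(notice);
    printf("conversion specifiers in name: %d\n", count_format_specifiers(name));
    return 0;
}
```

The specifier count can also be logged or used to flag incoming transfers whose names contain conversion sequences.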
Exploit / POC
See discussion.
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].