BID:2118 - AOL Instant Messenger 'aim://' Buffer Overflow Vulnerability

AOL Instant Messenger 'aim://' Buffer Overflow Vulnerability

BID:2118

Info

AOL Instant Messenger 'aim://' Buffer Overflow Vulnerability

Bugtraq ID:	2118
Class:	Boundary Condition Error
CVE:	CVE-2000-1093
Remote:	Yes
Local:	Yes
Published:	Dec 12 2000 12:00AM
Updated:	Jul 11 2009 04:46AM
Credit:	The buffer overflow in the AIM 'goim' parameter and the 'screenname' parameter were orignally discovered by Joe Testa <[email protected]> and submitted to the Vuln-Dev mailing list on March 19, 2000. @stake <www.atstake.com> later posted a secur
Vulnerable:	AOL Instant Messenger 4.2.1193 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 AOL Instant Messenger 4.1.2010 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 AOL Instant Messenger 4.0 - Apple Mac OS 9 9.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows CE 3.0 - Microsoft Windows NT 4.0 AOL Instant Messenger 3.5.1856 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0

Not Vulnerable:	AOL Instant Messenger 4.3.2229 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows CE 3.0 - Microsoft Windows CE 2.0 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0

Solution / Fix

AOL Instant Messenger 'aim://' Buffer Overflow Vulnerability

Solution:
This vulnerability has been addressed in AOL Instant Messenger 4.3.2229:

http://www.aol.com/aim/download.html