Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » AIM 4.8.2790 remote file execution vulnerability

AIM 4.8.2790 remote file execution vulnerability

by Nikola Strahija on October 23rd, 2002 Description: AOL Instant Messenger version 4.8.2790 will execute programs when a user clicks on a not-so-specially crafted hypertext link.


Versions affected: AOL Instant Messenger 4.8.2790. 4.7.2480 is not
vulnerable and neither is 5.0.2938. This bug was confirmed on both
Windows 2000 and Windows ME. It is suspected that any version of
windows would be vulnerable.

AOL Contacted: July 25, 2002. Never sent a response.

Details: When a malicious user sends a link pointing to an executable
file and a victim clicks on said link, the file will be executed
without any warning prompts. The url simply points to the filename.
However, certain characters are not allowed including spaces. Thus
the attacker is limited to running files on the same partition as the
current directory and/or system folders. Since an attacker doesn't
know the current directory they are likely to begin the url with a
few "../../../../" to get to the root of the partition.
Spaces cannot be entered, however this can be gotten around by using
dos files names: i.e. "program files" becomes
"progra~1". Here are a few examples:

hi
"../../../../progra~1/trojan/trojan.exe">www.google.com

"../../../../you/get/the/point/exampl~1.exe">blah


All of these examples would run the program specified if the victim
were to click on them.

Solution: Upgrade or downgrade to any version of AIM other than
4.8.2790. Always check hyperlink urls before clicking on them.

Personal Note: This is such a stupid vulnerability and AOL are a
bunch of asshol~1 for not even responding after months.

-BludClot
--


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »