AOL Instant Messenger Link Special Character Remote Heap Overflow Vulnerabili

by Nikola Strahija on August 20th, 2002

AIM is the AOL Instant Messenger. It is available for various platforms, including Linux and Microsoft Windows. This vulnerability affects the Windows client. A problem has been reported in the handling of special characters. When a URL containing special characters that must be converted to addressable format is sent to a user, an overflow may occur. This has reportedly been reproduced to cause a denial of service.


The following procedure has been reported by a b as producing a denial of service:

Craft the URL to be sent to the victim. Let's use spaces since they get
converted to %20 by AIM :). We could use other extended ASCII, etc.
Fill the whole URL up to the end (the "protected" buffer dist), which is 172
chars. (172 * 2 = 344).
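
The overflow described above comes from escaping that makes a string longer than its input, so the destination has to be sized and checked against the escaped length, not the input length. The following C sketch is an added example, not AIM's code or part of the original report; the function names, the set of escaped bytes and the use of 172 as a buffer size are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINK_BUF 172 /* figure from the report; its exact role in AIM is an assumption */

/* Bytes rewritten as %XX here: space, control characters and extended ASCII. */
static int needs_escape(unsigned char c) {
    return c <= 0x20 || c >= 0x7f;
}

/* Length after escaping: every escaped byte grows from 1 to 3 bytes. */
size_t escaped_len(const char *src) {
    size_t n = 0;
    for (; *src; src++)
        n += needs_escape((unsigned char)*src) ? 3 : 1;
    return n;
}

/* Escape src into dst (dst_cap bytes, including the terminating NUL).
 * Returns the escaped length, or -1 without writing if it would not fit. */
long escape_url(const char *src, char *dst, size_t dst_cap) {
    static const char hex[] = "0123456789ABCDEF";
    size_t need = escaped_len(src);
    size_t o = 0;
    if (dst_cap == 0 || need >= dst_cap)
        return -1; /* reject instead of truncating or writing past dst */
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (needs_escape(c)) {
            dst[o++] = '%';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return (long)o;
}

int main(void) {
    char in[LINK_BUF], out[LINK_BUF];
    memset(in, ' ', sizeof in - 1); /* constructed input: 171 spaces */
    in[sizeof in - 1] = '\0';
    printf("input %zu bytes, escaped %zu bytes\n", strlen(in), escaped_len(in));
    printf("escape_url into %zu-byte buffer: %ld\n", sizeof out, escape_url(in, out, sizeof out));
    return 0;
}
```

An input that fits the buffer before escaping can need up to three times the space afterwards, which is why the bound is checked on `escaped_len` before any byte is written.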

