
AOL Instant Messenger Vulnerability

by Nikola Strahija on January 3rd, 2002

AOL Instant Messenger (AIM) has a major security vulnerability in the latest stable (4.7.2480) and beta (4.8.2616) Windows versions. This vulnerability will allow remote penetration of the victim's system without any indication as to who performed the attack. There is no opportunity to refuse the request.


This does not affect the non-Windows versions, because they do not yet support the feature in which this vulnerability occurs.

This particular vulnerability results from an overflow in the code that parses a game request. The actual overflow appears to be in the parsing of TLV type 0x2711. This may be more generic and exploitable through other means, but AOL has not released enough information about their protocol for us to be able to determine that.
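The class of bug described above comes down to trusting a TLV length field. As an added illustration (not AOL's code and not part of the original advisory), here is a TLV extractor with the bounds checks such a parser needs; the 2-byte type / 2-byte length big-endian layout, the function names and the 64-byte destination size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLV_GAME_REQUEST 0x2711 /* TLV type named in the advisory */
#define DEST_SIZE 64            /* assumed size of the fixed destination buffer */

enum tlv_status { TLV_OK = 0, TLV_NOT_FOUND = -1, TLV_TRUNCATED = -2, TLV_TOO_LARGE = -3 };

/* Assumed wire layout: 2-byte big-endian type, 2-byte big-endian length, value. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Walk a TLV chain in buf and copy the value of the first TLV of type `want`
 * into dst. Every length taken from the wire is checked against both the
 * bytes remaining in the packet and the capacity of dst before any copy.
 */
int tlv_extract(const uint8_t *buf, size_t buf_len, uint16_t want,
                uint8_t *dst, size_t dst_size, size_t *out_len)
{
    size_t off = 0;

    while (off < buf_len) {
        if (buf_len - off < 4)
            return TLV_TRUNCATED;       /* header cut short */
        uint16_t type = be16(buf + off);
        uint16_t len  = be16(buf + off + 2);
        off += 4;
        if (len > buf_len - off)
            return TLV_TRUNCATED;       /* declared length overruns the packet */
        if (type == want) {
            if (len > dst_size)
                return TLV_TOO_LARGE;   /* the check an overflow-prone parser omits */
            memcpy(dst, buf + off, len);
            *out_len = len;
            return TLV_OK;
        }
        off += len;                     /* skip TLVs we are not looking for */
    }
    return TLV_NOT_FOUND;
}
```

Rejecting the message on `TLV_TOO_LARGE` or `TLV_TRUNCATED`, rather than truncating and continuing, keeps a malformed request from reaching later parsing stages.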

AOL Instant Messenger (http://www.aim.com) has over 100 million users. Almost all of these users are Windows users and directly vulnerable to this.

EXPLOIT

The exploit, w00aimexp, is too big (1000+ lines) to include here, but it can be downloaded at http://www.w00w00.org/files/w00aimexp.tgz. The files can be viewed online at http://www.w00w00.org/files/w00aimexp/.


