Suggest A Fix PC Support Forums > AOL Instant Messenger issue

Full Version: AOL Instant Messenger issue

Suggest A Fix PC Support Forums > Security > Security News and Warnings

Interceptor

Aug 26 2002, 05:18 PM

Symantec reported a heap overflow vulnerability in AOL Instant Messenger (AIM). According to the report, a remote user can cause a target user's AIM Windows client to crash by sending them a specially crafted URL. A remote user can apparently create a URL with 344 characters (such as space characters, which get converted to %20 by the client.

In this message, it is reported that the heap overflow resides in the "goim" handler and can be triggered via the "screenname" query string parameter. The vulnerability can reportedly be triggered when the target AIM clicks "Get Info" to request information on the buddy.

No solution was available from AOL at this time.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.