• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: AOL Instant Messenger Away Message Remote Buffer Overflow Vulnerability

Severity: HIGH

Description:

AOL Instant Messenger is reported prone to a remote buffer overflow vulnerability when processing a malformed 'Away' message. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access.

This issue is caused by insufficient boundary checks performed by the application. The vulnerability exists in the 'goaway' function. It is reported that the buffer overflow condition can be triggered by providing an overly long 'Away' message of 1024 bytes or more to the application. Immediate consequences of an attack may result in a denial of service condition.

Multiple attack vectors exist for the exploitation of this vulnerability. An attacker can exploit this issue by sending a malformed 'Away' message to a user through a link or through a malicious Web site. The attacker would employ the 'aim:' URI handler and pass an excessive value for the 'goaway?message' parameter. The overflow can occur when a vulnerable user visits the malicious Web site.

It is possible that an attacker could leverage this issue to execute arbitrary code. Arbitrary code execution would occur in the context of the user running the vulnerable application.

AOL Instant Messenger versions 5.5.3595 and 5.5 are reported vulnerable to this issue, however, other versions may be affected as well.

Affected Products:

• AOL Instant Messenger 5.5.0
• AOL Instant Messenger 5.5.3415 Beta
• AOL Instant Messenger 5.5.3595

References:

• AOL: AOL Instant Messenger Home Page
• iDEFENSE: AOL Instant Messenger aim:goaway URI Handler Buffer Overflow Vulnerability

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.