Title: AOL Instant Messenger 'aim://' Buffer Overflow Vulnerability
Severity: HIGH
Description:
AOL Instant Messenger (AIM) is a real time messaging service for users that are on line. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// urls to the AIM client. There exists a buffer overflow in parsing aim:// URL parameters.
This vulnerability exists in versions of AOL Instant previous to Messenger 4.3.2229. By sending a specially crafted URL ,using the 'aim:' protocol, comprised of 'goim' and 'screenname' parameters, it is possible for a remote user to overflow the buffer during a memory copy operation and execute arbitarary code.
It should be noted that the victim need only have AIM installed on their machine to be vulnerable. Even if AIM is not running, if a user clicks or otherwise activates a malicious aim:// url, the overflow will occur. Additionally it should be noted that AIM is often included/bundled with Netscape Communicator and possibly other popular software programs.
Successful exploitation of this vulnerability will lead to complete comprimise of the target host.
Affected Products:
- AOL Instant Messenger 3.5.1856
- AOL Instant Messenger 4.0.0
- AOL Instant Messenger 4.1.2010
- AOL Instant Messenger 4.2.1193
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
