SMTP: AOL Instant Messenger "GoAway" URL
This signature detects attempts to deliver a "GoAway" URL through SMTP. There is a known buffer overflow vulnerability in the way AOL's Instant Messenger client handles "GoAway" URLs. "GoAway" URLs are not normally seen in an e-mail message. This could be an indication of an exploit attempt. It could also be a false positive.
Extended Description
AOL Instant Messenger is reported prone to a remote buffer overflow vulnerability when processing a malformed 'Away' message. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. AOL Instant Messenger versions 5.5.3595 and 5.5 are reported vulnerable to this issue, however, other versions may be affected as well.
Affected Products
Aol instant_messenger
References
BugTraq: 10889
CVE: CVE-2004-0636
URL: http://www.idefense.com/application/poi/display?id=121&type=vulnerabilities
Short Name
SMTP:MAL:AIM-BO-URL
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
"GoAway" AOL CVE-2004-0636 Instant Messenger URL bid:10889
Release Date
08/12/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Aol
CVSS Score
10.0