10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.919 High
EPSS
Percentile
98.9%
A vulnerability in the AOL Instant Messenger (AIM) client could allow a remote attacker to execute arbitrary code on a victim system.
AOL Instant Messenger (AIM) is an instant messaging system distributed by AOL Time Warner. A buffer overflow error exists in the way that some versions of the AIM client software handle AIM ‘Away’ messages. This error creates a vulnerability that can be exploited by remote attackers supplying overly long input to the goaway
function of the aim:
URI handler. Exploitation of this vulnerability requires an AIM user to click on a malicious URL supplied in an instant message or embedded in a web page.
An intruder may be able to execute arbitrary code on a vulnerable system. The intruder-supplied code would run with the privileges of the user running an instance of the vulnerable AIM client.
The CERT/CC is currently unaware of a practical solution to this problem.
Workarounds
AOL has published a bulletin (refer to the section titled “AOL Instant Messenger URI Handler Buffer Overflow”) recommending the following workaround for this issue:
Exploitation of aim:
URI handler vulnerabilities can be prevented by removing the following key from the registry:
HKEY_CLASSES_ROOT\aim
The following script can be saved to a file with the .vbs extension and executed to automate the task of removing the relevant URI handler:
Set WshShell = CreateObject(“WScript.Shell”)
WshShell.RegDelete "HKCR\aim"
Note that this workaround is specific to users of the AIM client software for the Windows operating system. Users are strongly encouraged to apply this workaround until a patched version of the AIM client software is available.
735966
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 09, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23735966 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
The CERT/CC is aware of coincidental public disclosure of this issue by Secunia and iDefense. Secunia credits Ryan McGeehan and Kevin Benes for reporting this issue and iDefense credits Matt Murphy.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2004-0636 |
---|---|
Severity Metric: | 14.38 Date Public: |