AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Buffer Overflow Vulnerability

2000-12-12T00:00:00
ID EDB-ID:20510
Type exploitdb
Reporter Joe Testa
Modified 2000-12-12T00:00:00

Description

AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 'aim://' Buffer Overflow Vulnerability. CVE-2000-1093. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/2118/info

AOL Instant Messenger (AIM) is a real time messaging service for users that are on line. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// urls to the AIM client. There exists a buffer overflow in parsing aim:// URL parameters.

This vulnerability exists in versions of AOL Instant previous to Messenger 4.3.2229. By sending a specially crafted URL ,using the 'aim:' protocol, comprised of 'goim' and 'screenname' parameters, it is possible for a remote user to overflow the buffer during a memory copy operation and execute arbitarary code.

It should be noted that the victim need only have AIM installed on their machine to be vulnerable. Even if AIM is not running, if a user clicks or otherwise activates a malicious aim:// url, the overflow will occur. Additionally it should be noted that AIM is often included/bundled with Netscape Communicator and possibly other popular software programs.

Successful exploitation of this vulnerability will lead to complete comprimise of the target host. 

href="aim:goim? screenname=AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA&message=EIP,+the+other+white+meat" >here</a><br>