AOL Instant Messenger (AIM) AddBuddy Link Long ScreenName Parameter DoS

2002-05-08T23:13:54
ID OSVDB:5109
Type osvdb
Reporter philer(interwn@interwn.nl)
Modified 2002-05-08T23:13:54

Description

Vulnerability Description

AOL Instant Messenger contains a flaw that may allow a remote denial of service. The issue is triggered when a user clicks a long aim:AddBuddy hyperlink in a message, and results in loss of availability for the AIM program.

Solution Description

Upgrade to version 4.8.7290 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

aim:AddBuddy?ScreenName=InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN&groupname=InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Keyword: AOL Instant Messenger
ISS X-Force ID: 9058
CVE-2002-0785
CERT VU: 259435
Bugtraq ID: 4709