Type packetstorm
Reporter Cruz
Modified 2000-03-04T00:00:00


                                            `As all Ascii-Symbols can be displayed in &#XXX; format, where XXX are  
numbers from 0-255, AIM seems not to check the XXX for higher values  
and some strings above 255 result in aim crashing completly or in part.  
E.g. the string ̂ will result in crashing the whole aim, but ̃  
will crash only the instant message window (̃ was only tested once  
by me).  
It will crash the AIM of the attacker too, because AIM displays the string  
in the attacker-Instant Message, so the attacker-AIM also tries to convert  
it and errors.  
There is already an unofficial fix available, which can be downloaded at my  
The fix is an edited ate32.dll, which should be copied to the aim directory.  
With it, aim doesnt try to convert "&#XXX;"-type of strings anymore, a  
minimum drawback (note: with that fix, the attacker can use this exploit to  
crash other unfixed AIMs, but wont crash his/her own AIM).  
Affected versions: I tested this only on 3.5+ versions of AIM, but all other  
versions are most likely affected too.  
Get Your Private, Free Email at