aol.aim.url.DoS.txt

17 Aug 1999 · Reported by Packet Storm · Type: packetstorm · packetstormsecurity.com

Vulnerability in AOL Instant Messenger causes client crash when a specific hyperlink is clicked.

`Date: Mon, 19 Apr 1999 22:00:00 -0500  
From: Adam Brown <[email protected]>  
To: [email protected]  
Subject: AOL Instant Messenger URL Crash  
  
There is a bug in the newer versions of AOL's Instant Messenger that will  
cause the client to crash when exploited. All builds of version 2.0 that  
I've tested seem to be vulnerable, although I have not done extensive  
version testing. AOL was notified of this about two weeks ago. To exploit  
this bug, send a hyperlink in this format: aim:addbuddy?=screenname  
  
Have fun,  
  
SpunOne  
  
http://www.fazed.net  
  
http://www.webzone.net  
  
--------------------------------------------------------------------------  
  
Date: Tue, 20 Apr 1999 16:24:02 -0400  
From: Daniel Reed <[email protected]>  
To: [email protected]  
Subject: Re: AOL Instant Messenger URL Crash  
  
On Mon, 19 Apr 1999, Adam Brown wrote:  
) There is a bug in the newer versions of AOL's Instant Messenger that will  
) cause the client to crash when exploited. All builds of version 2.0 that  
) I've tested seem to be vulnerable, although I have not done extensive  
) version testing. AOL was notified of this about two weeks ago. To exploit  
) this bug, send a hyperlink in this format: aim:addbuddy?=screenname  
I just sent <a href="aim:addbuddy?=screenname">what does this show up as</a>?  
to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I don't  
know if you meant to say that the user had to click on it for the client to  
crash, or if this is indeed different behaviour. I also just tried it with  
"screenname" replaced with first her screenname, and then with mine, again  
with no automatic reaction.  
  
(sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM  
2.0.996 user)  
[15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what does this show up as]?  
[16:00:23] Friend <victim> has just logged off :(  
[16:03:09] Friend <victim> is now online =)  
[16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow miaow] (don't click on that, I'm just testing something)  
[16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":another test...]  
  
--  
Daniel Reed <[email protected]>  
Many a false step is made by standing still...  
  
--------------------------------------------------------------------------  
  
Date: Tue, 20 Apr 1999 16:34:16 -0500  
From: Adam Brown <[email protected]>  
To: [email protected]  
Subject: Re: AOL Instant Messenger URL Crash  
  
I'm sorry if I was unclear in my first post. The only way I've seen to  
exploit this is to send someone a hyperlink in the form of  
aim:addbuddy?=screenname and have them click on it. (replacing "screenname"  
with an actual screen name seems to give the same result) You can also set  
up a web page that will redirect your victim to a client crashing URL once  
they've caught on to your evil little scheme. :p I set up an example of  
this at http://www.fazed.net/poof for testing purposes, of course.  
  
Adam Brown  
SpunOne@IRC  
http://www.fazed.net  
http://www.webzone.net  
  
--------------------------------------------------------------------------  
  
Date: Wed, 21 Apr 1999 14:30:40 -0400  
From: Eric L. Howard <[email protected]>  
To: [email protected]  
Subject: Re: AOL Instant Messenger URL Crash  
  
I haven't been able to duplicate this on any 2.0.8* builds...I've tested about  
15 different people and none in the 2.0.8* builds were affected.  
  
All others tested were in the 2.0.9* build and died immediately, some causing  
the user to have to reboot, all rendering AIM completely unable to be restarted  
for several minutes after the Dr. Watson cleared on NT.  
  
~ELH~  
  
--------------------------------------------------------------------------  
  
Date: Wed, 21 Apr 1999 18:14:59 -0700  
From: Adam Herscher <[email protected]>  
To: [email protected]  
Subject: Re: AOL Instant Messenger URL Crash  
  
The problem could not be duplicated on AIM 2.0.813 (Windows 98) running IE  
5.0 - Is it possible that this is in part a problem with IE 4.0?  
  
Adam Herscher (ajh-)  
  
--------------------------------------------------------------------------  
  
Date: Wed, 21 Apr 1999 18:07:12 -0700  
From: Adam Herscher <[email protected]>  
To: [email protected]  
Subject: Re: AOL Instant Messenger URL Crash  
  
>I'm sorry if I was unclear in my first post. The only way I've seen to  
>exploit this is to send someone a hyperlink in the form of  
>aim:addbuddy?=screenname and have them click on it. (replacing "screenname"  
>with an actual screen name seems to give the same result) You can also set  
>up a web page that will redirect your victim to a client crashing URL once  
>they've caught on to your evil little scheme. :p I set up an example of  
>this at http://www.fazed.net/poof for testing purposes, of course.  
>  
>Adam Brown  
>SpunOne@IRC  
>http://www.fazed.net  
>http://www.webzone.net  
  
  
This doesn't seem to work on the Mac versions (tested 2.01.644)  
  
Adam Herscher (ajh-)  
  
`
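A defensive check for the link format reported in the thread, added here as an example and not taken from the thread or from any AIM or naim code: it scans message or page HTML (including a meta-refresh redirect, as in the web-page variant described above) for `aim:` links whose query carries a value with no parameter name. The thread does not identify the root cause, so treating the empty parameter name as the marker is an assumption, and `LinkCollector` and `suspicious_aim_links` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class LinkCollector(HTMLParser):
    """Collect URLs from href/src attributes and <meta http-equiv=refresh>."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        for key in ("href", "src"):
            if key in a:
                self.urls.append(a[key])
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(.+)", a.get("content", ""), re.I)
            if m:
                self.urls.append(m.group(1).strip("'\" "))


def suspicious_aim_links(html):
    """Return aim: URLs whose query has a value with no parameter name.

    Assumption: the empty name in "?=screenname" is what marks the
    reported links; the thread gives the format, not the cause.
    """
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for url in parser.urls:
        parts = urlsplit(url.strip())
        if parts.scheme != "aim":  # urlsplit lowercases the scheme
            continue
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if any(name == "" for name, _ in pairs):
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    # Constructed sample: the message markup quoted in the thread.
    sample = '<a href="aim:addbuddy?=screenname">what does this show up as</a>?'
    print(suspicious_aim_links(sample))
```

A client or gateway can use the returned list to strip or de-link the flagged URLs before they are rendered as clickable.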
