Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
AOL Instant Messenger Overflow New
A security vulnerability exists in AOL Instant Messenger (AIM) which could allow a malicious user to remotely penetrate a victim's system without any indication as to who performed the attack.
Issue
AOL Instant Messenger (AIM) has a major security vulnerability in the latest stable (4.7.2480) and beta (4.8.2616) Windows versions. This vulnerability will allow remote penetration of the victim's system without any indication as to who performed the attack. There is no opportunity to refuse the request. This does not affect the non-Windows versions, because the non-Windows versions currently do not yet support the feature that this vulnerability occurs in.
This particular vulnerability results from an overflow in the code that parses a game request. The actual overflow appears to be in the parsing of TLV type 0x2711. This may be more generic and exploitable through other means, but AOL has not released enough information about their protocol for us to be able to determine that.
Affected Products
- AOL Instant Messenger 4.3 or greater
Solution
No software patch has been released by AOL as this stage.
A temporary solution to this vulnerability is:
- Go to your Preferences
- Go to the Privacy section
- Click "Allow only users on my Buddy List" under "who can contact me"
Further Details
Source: w00w00
Updated: January 2, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
