Overflow in message <TITLE>. Trivial DOS attack, probably could be exploited for remote access.
Karl Koscher <mrsaturn@TEENCITY.ORG>
DOS attack with strong possibility of remotely running arbitrary code.
People running AOL's Instant Messenger V.1.7.466 or before
20 March 1997
Date: Thu, 20 Mar 1997 17:13:13 -0800
From: Karl Koscher <mrsaturn@TEENCITY.ORG>
Subject: AOL Instant Messenger Bug... AGAIN!
[The following text is in the "iso-8859-1" character set]
[Your display is set for the "US-ASCII" character set]
[Some characters may be displayed incorrectly]
In the latest version of AOL's Instant Messenger, what appears to be another
buffer overflow bug has been discovered. Anyone with an older client can
send the message <TITLE> to any 1.7.466 user, and the recipient's AOLIM
client will crash. <TITLE> can also be put in your profile, effectivly
crashing AOLIM for people who look at your profile. While it has no effects
on the rest of the system, you may be unable to sign back on to AOLIM.
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: