Buffer overflow in AOL Instant Messenger 1.7.466

Summary
Description:Overflow in message <TITLE>. Trivial DOS attack, probably could be exploited for remote access.
Author:Karl Koscher <mrsaturn@TEENCITY.ORG>
Compromise:DOS attack with strong possibility of remotely running arbitrary code.
Vulnerable Systems:People running AOL's Instant Messenger V.1.7.466 or before
Date:20 March 1997
Details


Date: Thu, 20 Mar 1997 17:13:13 -0800
From: Karl Koscher <mrsaturn@TEENCITY.ORG>
To: BUGTRAQ@NETSPACE.ORG
Subject: AOL Instant Messenger Bug... AGAIN!

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "US-ASCII" character set]
    [Some characters may be displayed incorrectly]

In the latest version of AOL's Instant Messenger, what appears to be another
buffer overflow bug has been discovered. Anyone with an older client can
send the message <TITLE> to any 1.7.466 user, and the recipient's AOLIM
client will crash. <TITLE> can also be put in your profile, effectivly
crashing AOLIM for people who look at your profile. While it has no effects
on the rest of the system, you may be unable to sign back on to AOLIM.

- Karl

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: