Full Disclosure mailing list archives
RE: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS
From: <auto447062 () hushmail com>
Date: Tue, 7 Jun 2005 08:35:33 -0700
...The vulnerability exists within the GIF parser in
"ateimg32.dll"... Tests: 1. W2k - all updates, logged in w/admin rights. - Opening in Adobe Photoshop 5.5 (most standard plain vanilla graphic parsers, I believe) - Photoshop hung without any error messages. - Firefox 1.0.4 - "broken image" icon - IE 6.0.2800.1106 - blank page, no errors, but slow. 2. XP SP2 with all updates, logged in as local user with veeeeery limited rights - IrfanView 3.97 - "Invalid or unsupported GIF file" error - IE 6.0.2900.2180 SP2does not return any error, shows a blank page - _not_ a broken image icon. - Windows Image and Fax Viewer - no error, blank page with "No preview available, did not hung. 3. Now, a strange, perverted fun - logged into the same XP with admin rights - IE silently dies, nothing in Events Log. 4. Going now to local Macs, will post if there's anything of interest... I've got a feeling that it's not just an AIM problem. Aim higher %^) Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS Tom Ferris (Jun 07)
- <Possible follow-ups>
- RE: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS auto447062 (Jun 07)