Vulnerability Development mailing list archives
Re: AOL IM 4.7 d0s 0-Day
From: Tony Lambiris <methodic () slartibartfast angrypacket com>
Date: Tue, 2 Oct 2001 11:33:01 -0700
Proof of concept code up at http://sec.angrypacket.com check under the "code" section. On 10.01.01, Matthew Sachs <matthewg () zevils com> wrote:
I just saw this with my custom AIM client. It's an IM consisting of a repeated sequence of "<!-- " (sans quotes). I tested it against WinAIM 4.7.2480 and it does indeed produce the crash you described. -- Matthew Sachs, the original nonstandard deviant matthewg () zevils com http://www.zevils.com/ GPG key: 0x600A0342 PGP key: 0x93EA1151
-- Tony Lambiris [methodic () slartibartfast angrypacket com] http://www.openbsd.org && http://www.openssh.com "Anyone who truly understands the power of UNIX wouldn't use anything else."
Current thread:
- Re: AOL IM 4.7 d0s 0-Day austin (Sep 30)
- <Possible follow-ups>
- Re: AOL IM 4.7 d0s 0-Day Matthew Sachs (Oct 01)
- Re: AOL IM 4.7 d0s 0-Day Matthew Sachs (Oct 01)
- Re: AOL IM 4.7 d0s 0-Day Tony Lambiris (Oct 02)
- Re: AOL IM 4.7 d0s 0-Day Marukka (Oct 01)
- Re: AOL IM 4.7 d0s 0-Day Matthew Sachs (Oct 03)