Vulnerability Development mailing list archives

Re: AOL IM 4.7 d0s 0-Day

From: Tony Lambiris <methodic () slartibartfast angrypacket com>
Date: Tue, 2 Oct 2001 11:33:01 -0700

Proof of concept code up at http://sec.angrypacket.com

check under the "code" section.

On 10.01.01, Matthew Sachs <matthewg () zevils com> wrote:

I just saw this with my custom AIM client.  It's an IM consisting of
a repeated sequence of "<!-- " (sans quotes).  I tested it against
WinAIM 4.7.2480 and it does indeed produce the crash you described.

-- 
Matthew Sachs, the original nonstandard deviant
matthewg () zevils com        http://www.zevils.com/
GPG key: 0x600A0342   PGP key: 0x93EA1151


-- 
Tony Lambiris [methodic () slartibartfast angrypacket com]
   http://www.openbsd.org && http://www.openssh.com
       "Anyone who truly understands the power 
         of UNIX wouldn't use anything else."

Current thread:

Re: AOL IM 4.7 d0s 0-Day austin (Sep 30)
- <Possible follow-ups>
- Re: AOL IM 4.7 d0s 0-Day Matthew Sachs (Oct 01)
  - Re: AOL IM 4.7 d0s 0-Day Matthew Sachs (Oct 01)
  - Re: AOL IM 4.7 d0s 0-Day Tony Lambiris (Oct 02)
- Re: AOL IM 4.7 d0s 0-Day Marukka (Oct 01)
  - Re: AOL IM 4.7 d0s 0-Day Matthew Sachs (Oct 03)