Vulnerabilities > CVE-2002-1953 - Remote Heap Overflow vulnerability in AOL Instant Messenger Link Special Character

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

aol

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.

Vulnerable Configurations

Part	Description	Count
Application	Aol AOL Instant Messenger 4.4 AOL Instant Messenger 4.5 AOL Instant Messenger 4.6 AOL Instant Messenger 4.7 AOL Instant Messenger 4.7.2480 AOL Instant Messenger 4.8.2616 AOL Instant Messenger 4.8.2646	7

References

http://online.securityfocus.com/archive/1/288980
http://www.iss.net/security_center/static/9950.php
http://www.securityfocus.com/bid/5492