Vulnerabilities > CVE-2004-0636 - Unspecified vulnerability in AOL Instant Messenger 5.5/5.5.3415Beta/5.5.3595
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description AOL Instant Messenger goaway Overflow. CVE-2004-0636. Remote exploit for windows platform id EDB-ID:16525 last seen 2016-02-02 modified 2010-07-03 published 2010-07-03 reporter metasploit source https://www.exploit-db.com/download/16525/ title AOL Instant Messenger goaway Overflow description AOL Instant Messenger AIM "Away" Message Local Exploit. CVE-2004-0636. Local exploit for windows platform id EDB-ID:395 last seen 2016-01-31 modified 2004-08-14 published 2004-08-14 reporter mandragore source https://www.exploit-db.com/download/395/ title AOL Instant Messenger AIM "Away" Message Local Exploit description AOL Instant Messenger AIM "Away" Message Remote Exploit. CVE-2004-0636. Remote exploit for windows platform id EDB-ID:431 last seen 2016-01-31 modified 2004-09-02 published 2004-09-02 reporter John Bissell source https://www.exploit-db.com/download/431/ title AOL Instant Messenger AIM "Away" Message Remote Exploit
Metasploit
| description | This module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying an overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/AIM_GOAWAY |
| last seen | 2020-05-23 |
| modified | 2017-09-09 |
| published | 2006-07-31 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/aim_goaway.rb |
| title | AOL Instant Messenger goaway Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83145/aim_goaway.rb.txt |
| id | PACKETSTORM:83145 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | skape |
| source | https://packetstormsecurity.com/files/83145/AOL-Instant-Messenger-goaway-Overflow.html |
| title | AOL Instant Messenger goaway Overflow |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:13762 last seen 2017-11-19 modified 2004-09-02 published 2004-09-02 reporter Root source https://www.seebug.org/vuldb/ssvid-13762 title AOL Instant Messenger AIM ""Away"" Message Remote Exploit bulletinFamily exploit description No description provided by source. id SSV:62867 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-62867 title AOL Instant Messenger AIM "Away" Message Remote Exploit bulletinFamily exploit description No description provided by source. id SSV:62854 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-62854 title AOL Instant Messenger AIM "Away" Message Local Exploit bulletinFamily exploit description No description provided by source. id SSV:14307 last seen 2017-11-19 modified 2004-08-14 published 2004-08-14 reporter Root source https://www.seebug.org/vuldb/ssvid-14307 title AOL Instant Messenger AIM ""Away"" Message Local Exploit bulletinFamily exploit description No description provided by source. id SSV:9089 last seen 2017-11-19 modified 2008-07-16 published 2008-07-16 reporter Root source https://www.seebug.org/vuldb/ssvid-9089 title AOL Instant Messenger AIM "Away" Message Local Exploit