Vulnerabilities > CVE-2005-1891 - Integer Underflow (Wrap or Wraparound) vulnerability in AOL AIM

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

aol

CWE-191

nessus

NVD

Published: 2005-06-09

Updated: 2024-02-08

Summary

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

Vulnerable Configurations

Part	Description	Count
Application	Aol AOL AIM 1.0 AOL AIM 1.0.1.2 AOL AIM 1.06 AOL AIM 1.7 AOL AIM 2.0 AOL AIM 2.1 AOL AIM 3.0 AOL AIM 3.5 AOL AIM 4.1 AOL AIM 4.2 AOL AIM 4.3 AOL AIM 4.4 AOL AIM 4.7 AOL AIM 4.8 AOL AIM 5.0 AOL AIM 5.1 AOL AIM 5.2 AOL AIM 5.5 AOL AIM 5.9 AOL AIM 5.9.3797	20
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

Nessus

NASL family	Windows
NASL id	AIM_BUDDY_ICON_OVERFLOW.NASL
description	According to the Windows registry, the version of AOL Instant Messenger install on the remote host has an integer overflow in its GIF parser,
last seen	2020-06-01
modified	2020-06-02
plugin id	18432
published	2005-06-08
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18432
title	AIM Buddy Icon Overflow Vulnerability
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18432); script_version("1.16"); script_cve_id("CVE-2005-1891"); script_bugtraq_id(13880); name["english"] = "AIM Buddy Icon Overflow Vulnerability"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is susceptible to denial of service attacks." ); script_set_attribute(attribute:"description", value: "According to the Windows registry, the version of AOL Instant Messenger install on the remote host has an integer overflow in its GIF parser, 'ateimg32.dll'. Using a specially crafted GIF file as a buddy icon, an attacker can reportedly crash the affected host." ); script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x15-advisory.txt" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/36" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/43" ); script_set_attribute(attribute:"solution", value: "Unknown at this time." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/08"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/07"); script_cvs_date("Date: 2018/11/15 20:50:26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); summary["english"] = "Checks for buddy icon overflow vulnerability in AIM"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("aim_detect.nasl"); script_require_keys("AIM/version"); exit(0); } # Test an install. ver = get_kb_item("AIM/version"); if (ver) { # There's a problem if the newest version is 5.9.3797 or below. iver = split(ver, sep:'.', keep:FALSE); if ( int(iver[0]) < 5 \|\| ( int(iver[0]) == 5 && ( int(iver[1]) < 9 \|\| (int(iver[1]) == 9 && int(iver[2]) <= 3797) ) ) ) security_hole(get_kb_item("SMB/transport")); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References