Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability

To: "shell@xxxxxxxxxxxx" <shell@xxxxxxxxxxxx>
Subject: Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability
From: Stan Bubrouski <stan.bubrouski@xxxxxxxxx>
Date: Fri, 3 Feb 2006 16:42:27 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jFkXUG/je6q8I+EmgMcxGgACyGQDnc0V3ICjr5T0HVsI09+zEdU0F+pnBsnLkMFxxRNqa44E8qbq59jOeHdzDMZmBDF4VOSqdmLiUmc09b6z7HqBNWq8QNmZS0XiAEOY/ahGCvr+/oIcVB2r7PdQ+KIZaDET76OK/ca6ULNlA0E=
In-reply-to: <20060203022856.24469.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060203022856.24469.qmail@xxxxxxxxxxxxxxxxx>

So this isn't actually remotely exploitable at all since its within a
dialog box that a local user must manually fill in?

Best Regards,
sb

On 3 Feb 2006 02:28:56 -0000, shell@xxxxxxxxxxxx <shell@xxxxxxxxxxxx> wrote:
> As I submitted to full disclosure:
>
> "I have discovered that there is a buffer overrun vulnerability in AOL's 
> Instant Messenger program. I have only tested this on version 5.9.3861. The 
> problem causes a minimum of a program crash. I am not sure as to the 
> posibility of shellcode execution.
>
> The vulnerability can be exploited by supplying an overly large username from 
> which to obtain "buddy info."
>
> If you are unsure as to what I am talking about, I can post a screenshot."
>
> Well, I made a Macromedia Captivate-made video of it. 
> http://www.dotshell.net/aim.swf. What I am thinking is that a program can be 
> written to write an overlong string and shellcode to the address effected and 
> execute the same operation to leverage the problem.
>

References:
- AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability
  - From: shell

Prev by Date: Re: Winamp 5.12 - 0day exploit - code execution through playlist
Next by Date: [eVuln] MyQuiz Arbitrary Command Execution Vulnerability
Previous by thread: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability
Next by thread: Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability
Index(es):
- Date
- Thread