Home page logo
/

bugtraq logo Bugtraq mailing list archives

AOL for Windows DoS/Exploit
From: no () MCS NET (Invisi)
Date: Mon, 1 Jun 1998 10:45:45 -0500


Well.. I thought this was something that some of you might get a kick
out of... as well as informative.  I also havent seen this on any other
sites.  here's the stuff...

Tested on: AOL3.0 16-bit Windows, AOL3.0 32-bit Windows, AOL4.0 Windows

Problem:
AOL's Instant message's uses HTML.  This enables there customers to
change font sizes, colors, backgrounds, to suite there tastes.  Well
here is where the bug comes into play.
All you simply have to do is send someone who is useing a AOL version,
that uses the <font> tagg, a instant message of
<font =
9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999>
A AOL instant message has to be below a certain character size that can
fit in one message.  This goes beyond the valid size, as well as being a
invalid parameter for <font>.  It will cause your AOL software to freak
out, and a GPF will occur.  If your able to stick more 9's in there,
then please do.

Fix:
Convert back to a older version of AOL for Windows, like 2.5 or before.
Or, simply reject any Instant Messages by useing the $IM_OFF command.
Since Instant Messages are a big part of AOL, most people keep there
Instant Messages turned on.

- Invisible



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault