<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: AOL IM 4.7 d0s 0-Day

Re: AOL IM 4.7 d0s 0-Day

From: Tony Lambiris <methodic_at_slartibartfast.angrypacket.com>
Date: Tue, 2 Oct 2001 11:33:01 -0700

Proof of concept code up at http://sec.angrypacket.com

check under the "code" section.

On 10.01.01, Matthew Sachs <matthewg_at_zevils.com> wrote:
> I just saw this with my custom AIM client. It's an IM consisting of
> a repeated sequence of "<!-- " (sans quotes). I tested it against
> WinAIM 4.7.2480 and it does indeed produce the crash you described.
>
> --
> Matthew Sachs, the original nonstandard deviant
> matthewg@zevils.com http://www.zevils.com/
> GPG key: 0x600A0342 PGP key: 0x93EA1151

-- 
Tony Lambiris [methodic_at_slartibartfast.angrypacket.com]
   http://www.openbsd.org && http://www.openssh.com
       "Anyone who truly understands the power 
         of UNIX wouldn't use anything else."

Received on Oct 02 2001

This message: [ Message body ]
Next message: John Allen Scimone: "using stolen aspsession ids"
Previous message: dullien_at_gmx.de: "Re: .com"
In reply to: Matthew Sachs: "Re: AOL IM 4.7 d0s 0-Day"
Next in thread: Marukka: "Re: AOL IM 4.7 d0s 0-Day"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos