CVE-2002-1953

Name of the Vulnerable Software and Affected Versions AOL Instant Messenger (AIM) versions 4.4 through 4.8.2616

Description The issue is related to a heap-based buffer overflow in the goim handler, which can be triggered by escaping of the screen name parameter. This occurs when the user selects "Get Info" on the buddy, leading to a denial of service (crash).

Recommendations For AOL Instant Messenger (AIM) versions 4.4 through 4.8.2616, consider avoiding the use of the "Get Info" feature on buddies until a fix is available. As a temporary workaround, restrict the input for the screen name parameter to prevent potential overflows. At the moment, there is no information about a newer version that contains a fix for this issue.