PT-2001-1134 · Aol · Aol Instant Messenger

Published: 2001-01-09 · Updated: 2024-02-09 · CVE-2000-1094

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AOL Instant Messenger (AIM) versions prior to 4.3.2229

Description

A buffer overflow in the software allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long src argument.

Recommendations

For versions prior to 4.3.2229, update to version 4.3.2229 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "buddyicon" command with a long src argument until a patch is applied.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2000-1094

Affected Products

Aol Instant Messenger