Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0785

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0785
Last Modified 05 Sep 2008 04:28:56
Published 12 Aug 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0785

Summary

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

Vulnerable Systems

Application

  • Aol Instant Messenger 4.0

  • Aol Instant Messenger 4.1

  • Aol Instant Messenger 4.1.2010

  • Aol Instant Messenger 4.2

  • Aol Instant Messenger 4.2.1193

  • Aol Instant Messenger 4.3

  • Aol Instant Messenger 4.3.2229

  • Aol Instant Messenger 4.4

  • Aol Instant Messenger 4.5

  • Aol Instant Messenger 4.6

  • Aol Instant Messenger 4.7

  • Aol Instant Messenger 4.7.2480

  • Aol Instant Messenger 4.8.2616

  • Aol Instant Messenger 4.8.2646


References

CERT-VN - VU#259435

BID - 4709

XF - aim-addbuddy-bo(9058)

BUGTRAQ - 20020508 Hole in AOL Instant Messenger

OSVDB - 5109


Last Updated: 27 May 2016 10:37:04