---------------------------------------------------------------------- The A-TEAM Presents... Date: 10/10/98 Advisory#: 01 Author: JOHN BISSELL <hight1mezat_private> ---------------------------------------------------------------------- There is a big security problem in America OnLine 4.x which allows anybody to remotely crash AOL 4.x software by sending Email which AOL software does not know how to handle and thus causes an invalid page fault in module AOLRICH.AOL! The exploit in essence is too send a email message to a America OnLine user with a [ background ] image that has a 255 character name. This could be created in America OnLine's own Email message composer or perhaps in a Email program that allows HTML formatting. There might be potential for remote execution of unauthorized code. America OnLine 4.x software does a good job by warning the user before opening the Email message that the evil message sent contains a picture that could cause trouble for the reader. NOTE: I have notifyed AOL about this problem so they should address this issue very soon. hopefully! HI THERE ADAM NANCE! EOF ---------------------------------------------------------------------- ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:15 PDT