Hole in AOL Instant Messenger

From: InterWN Labs (interwnat_private)
Date: Wed May 08 2002 - 16:01:26 PDT

Next message: Benjamin Keller: "FW: New Macromedia Security Zone Bulletins Posted"

Previous message: Mandrake Linux Security Team: "MDKSA-2002:030 - temporary fix for netfilter information leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Hello all, This morning I noticed something while playing around with the aim:AddBuddy hyperlink for AIM. If you add many characters separated by commas you can crash the aim when a user clicks it. An example: aim:AddBuddy? ScreenName=InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,I nterWN,InterWN,InterWN,InterWN,InterWN,InterWN&groupname=Int erWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN ,InterWN,InterWN,InterWN,InterWN It causes an error in OSCORE.DLL and which then causes Instant Messenger to crash. If anyone is willing to work with me do a little further research on the problem just let me know. Obviously no one would click that link about, but you can hide it with the make a link option aim has in the window. Thanx a lot. philer www.interwn.nl

Next message: Benjamin Keller: "FW: New Macromedia Security Zone Bulletins Posted"
Previous message: Mandrake Linux Security Team: "MDKSA-2002:030 - temporary fix for netfilter information leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 10 2002 - 20:19:38 PDT