{"vuid":"VU#474592","idnumber":"474592","name":"AOL Instant Messenger contains buffer overflows in parsing of AIM URI handler requests","keywords":["aol","aim","buffer overflow","execution of code"],"overview":"AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A buffer overflow vulnerability exists that can manipulate the configuration of the victim's client.","clean_desc":"AIM installs a URI handler that permits the use of the \"aim:\" protocol on the machine that enables people to post links on their websites, or send them in email messages to friends. For example: <a href=\"aim:goim?screenname=myname\"> Send me an instant message here.</a> One can also specify command line options to AIM for when it starts, permitting this vulnerability to be exploited by an application, or trojan. AIM versions 3.5.x and prior contain a buffer overflow. When specifying options using the aim protocol, or the command line, one can trigger a buffer overflow in the client. In addition to crashing the client, an attacker can add arbitrary \"buddies\" to an AIM user's buddy list by a malicious web page or html-based e-mail message.","impact":"An attacker can add arbitrary users to the victim's \"buddy\" list, or crash their client.","resolution":"Upgrade to a version of AIM higher than 3.5.x.","workarounds":"","sysaffected":"","thanks":"Our thanks to @stake <researchlabs@atstake.com > for the information contained in their \nadvisory","author":"This document was written by Jason Rafail.","public":["http://www.atstake.com/research/advisories/2000/a121200-1.txt","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1093","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1094"],"cveids":["CVE-2000-1094"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-12-13T23:09:59Z","publicdate":"2000-12-12T00:00:00Z","datefirstpublished":"2002-04-05T21:28:20Z","dateupdated":"2002-04-05T21:28:23Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"8","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.5","cam_scorecurrentwidelyknown":"4.5","cam_scorecurrentwidelyknownexploited":"8.1","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.5,"vulnote":null}