{"vuid":"VU#683765","idnumber":"683765","name":"AOL Instant Messenger vulnerable to denial of service via crafted file name","keywords":["AOL","aim","format string","dos"],"overview":"AOL Instant Messenger (AIM) 4.1 and prior are vulnerable to a denial of service. A denial of service occurs when filenames that contain a \"%s\" are sent to a victim.","clean_desc":"AOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. Versions 4.1 and prior contained a format string vulnerability that made it possible to cause a denial of service to the recipient of a file when the transferred file contained a \"%s\" in its name.","impact":"An attacker can crash the victim's client, causing a denial of service. Note that this vulnerability is consistent with a format string vulnerability, and there may be the potential to exploit it to execute arbitrary code.","resolution":"Upgrade to a version later than 4.1.","workarounds":"","sysaffected":"","thanks":"Our thanks to Adam Spun <spunone@fazed.net>, who discovered this vulnerability.","author":"This document was written by Jason Rafail.","public":["http://www.securityfocus.com/bid/1747"],"cveids":["CVE-2000-1000"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-10-24T22:56:20Z","publicdate":"2000-10-03T00:00:00Z","datefirstpublished":"2002-04-05T21:30:39Z","dateupdated":"2002-04-05T21:30:42Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"7.5","cam_scorecurrentwidelyknown":"7.5","cam_scorecurrentwidelyknownexploited":"13.5","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.5,"vulnote":null}