Overview
AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window and in some cases the operating system(OS).
Description
AIM for Windows stores font names in the messages sent from one client to another. By using numerous fonts, and sending a html division line <HR>, an attacker can cause the victim's client to crash. |
Impact
By repeatedly sending this message, a continued denial of service can be caused. |
Solution
This has been resolved in AIM for Windows beta version 4.8.2540. |
AIM permits the user to only accept messages from known/trusted peers. Enable this feature. |
Vendor Information
530299
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by Robbie Saunders.
This document was written by Jason Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 9.45 |
| Date Public: | 2001-10-06 |
| Date First Published: | 2002-01-14 |
| Date Last Updated: | 2002-01-14 18:28 UTC |
| Document Revision: | 12 |