Overview
AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim.
Description
AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the victims client to crash. |
Impact
By repeatedly sending this message with the file attached, a continued denial of service can be caused. |
Solution
Upgrade your client. This has been fixed in version 4.8.2540 beta. |
AIM permits the user to only accept messages from known/trusted peers. Enable this feature. |
Vendor Information
990451
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by Robbie Saunders.
This document was written by Jason Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 8.51 |
| Date Public: | 2001-10-06 |
| Date First Published: | 2002-01-14 |
| Date Last Updated: | 2002-01-14 18:25 UTC |
| Document Revision: | 8 |