AOL Instant Messenger 4.x/5.x - Smiley Icon Location Remote Denial of Service

EDB-ID:

25633


Type:

dos


Platform:

Windows

Date:

2005-05-09


source: https://www.securityfocus.com/bid/13553/info

AOL Instant Messenger is reported prone to a remote denial of service vulnerability.

The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon.

Reports indicate that the issue manifests because of a buffer overflow condition this, however, is not confirmed.

A remote attacker may leverage this condition to crash a target AOL Instant Messenger client. Other attacks may also be possible. 

"DO NOT COPY AND PASTE OR IT WILL CRASH U" <fontsml=.>..<font sml= .></font>