[Full-disclosure] RE: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

auto447062_at_hushmail.com
Date: 06/07/05

    Date: Tue,  7 Jun 2005 08:35:33 -0700

    >...The vulnerability exists within the GIF parser in
    "ateimg32.dll"...

    Tests:
    1. W2k - all updates, logged in w/admin rights.
    - Opening in Adobe Photoshop 5.5 (most standard plain vanilla
    graphic parsers, I believe) - Photoshop hung without any error
    messages.
    - Firefox 1.0.4 - "broken image" icon
    - IE 6.0.2800.1106 - blank page, no errors, but slow.
    2. XP SP2 with all updates, logged in as local user with veeeeery
    limited rights
    - IrfanView 3.97 - "Invalid or unsupported GIF file" error
    - IE 6.0.2900.2180 SP2 does not return any error, shows a blank page
    - _not_ a broken image icon.
    - Windows Image and Fax Viewer - no error, blank page with "No
    preview available", did not hang.
    3. Now, a strange, perverted fun - logged into the same XP with
    admin rights - IE silently dies, nothing in Events Log.
    4. Going now to local Macs, will post if there's anything of
    interest...

    I've got a feeling that it's not just an AIM problem. Aim higher
    %^)
