[Full-disclosure] RE: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS
Date: Tue, 7 Jun 2005 08:35:33 -0700 To:
>...The vulnerability exists within the GIF parser in
1. W2k - all updates, logged in w/admin rights.
- Opening in Adobe Photoshop 5.5 (most standard plain vanilla
graphic parsers, I believe) - Photoshop hung without any error
- Firefox 1.0.4 - "broken image" icon
- IE 6.0.2800.1106 - blank page, no errors, but slow.
2. XP SP2 with all updates, logged in as local user with veeeeery
- IrfanView 3.97 - "Invalid or unsupported GIF file" error
- IE 6.0.2900.2180 SP2does not return any error, shows a blank page
- _not_ a broken image icon.
- Windows Image and Fax Viewer - no error, blank page with "No
preview available, did not hung.
3. Now, a strange, perverted fun - logged into the same XP with
admin rights - IE silently dies, nothing in Events Log.
4. Going now to local Macs, will post if there's anything of
I've got a feeling that it's not just an AIM problem. Aim higher
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
Promote security and make money with the Hushmail Affiliate Program:
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/