Re: AOL IM 4.7 d0s 0-Day

From: Tony Lambiris (methodic@slartibartfast.angrypacket.com)
Date: 10/02/01

• Previous message: dullien@gmx.de: "Re: .com"
• In reply to: Matthew Sachs: "Re: AOL IM 4.7 d0s 0-Day"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 2 Oct 2001 11:33:01 -0700
From: Tony Lambiris <methodic@slartibartfast.angrypacket.com>
To: Matthew Sachs <matthewg@zevils.com>
Subject: Re: AOL IM 4.7 d0s 0-Day
Message-ID: <20011002113301.A16832@slartibartfast.angrypacket.com>

Proof of concept code up at http://sec.angrypacket.com

check under the "code" section.

On 10.01.01, Matthew Sachs <matthewg@zevils.com> wrote:
> I just saw this with my custom AIM client. It's an IM consisting of
> a repeated sequence of "<!-- " (sans quotes). I tested it against
> WinAIM 4.7.2480 and it does indeed produce the crash you described.
>
> --
> Matthew Sachs, the original nonstandard deviant
> matthewg@zevils.com http://www.zevils.com/
> GPG key: 0x600A0342 PGP key: 0x93EA1151

-- 
Tony Lambiris [methodic@slartibartfast.angrypacket.com]
   http://www.openbsd.org && http://www.openssh.com
       "Anyone who truly understands the power 
         of UNIX wouldn't use anything else."

---

• Previous message: dullien@gmx.de: "Re: .com"
• In reply to: Matthew Sachs: "Re: AOL IM 4.7 d0s 0-Day"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2001-10