| VID |
27335 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
Messenger |
| Detailed Description |
The AIM program, according to its version number, has a denial of service vulnerability via a smiley icon location. America Online AOL Instant Messenger (AIM) is a program that Internet users can use to chat and exchange files and images. AOL Instant Messenger versions 5.9.3702 and earlier are vulnerable to a denial of service vulnerability. This problem manifests when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon. A remote attacker can exploit this vulnerability to crash a target AOL Instant Messenger client. Other attacks may also be possible.
* Note: This check solely relied on the version number of the AIM installed on the remote Windows platform to assess this vulnerability, so this might be a false positive.
* Platforms Affected:
AOL/Time Warner, AOL Instant Messenger versions 5.9.3702 and earlier
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of June 2005.
-- OR --
Upgrade to the latest version of AIM (greater than 5.9.3702), when new version fixed this problem becomes available from the AOL Instant Messenger Web site at http://www.aim.com/get_aim/win/latest_win.adp?aolp= |
| Related URL |
CVE-2005-1655 (CVE) |
| Related URL |
13553 (SecurityFocus) |
| Related URL |
(ISS) |
|
