| VID | 27336 |
| Severity | 40 |
| Port | 139,445 |
| Protocol | TCP |
| Class | Messenger |
| Detailed Description |
The AIM program, according to its version number, has an integer overflow vulnerability in its GIF parser. America Online AOL Instant Messenger (AIM) is a program that Internet users can use to chat and exchange files and images. AOL Instant Messenger versions 5.9.3797 and earlier are vulnerable to an integer overflow in the GIF parser in ateimg32.dll. By supplying a specially crafted GIF file as a Buddy Icon, a remote attacker could crash the affected AIM client and potentially execute arbitrary code remotely.
* Note: This check relies solely on the version number of the AIM client installed on the remote Windows platform to assess this vulnerability, so the result might be a false positive.
* References:
  http://www.security-protocols.com/modules.php?name=News&file=article&sid=2748
  http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0061.html
* Platforms Affected: AOL/Time Warner, AOL Instant Messenger versions 5.9.3797 and earlier; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch available as of June 2005.
-- OR --
Upgrade to the latest version of AIM (greater than 5.9.3797) when a new version that fixes this problem becomes available from the AOL Instant Messenger Web site at http://www.aim.com/get_aim/win/latest_win.adp?aolp= |
| Related URL | CVE-2005-1891 (CVE) |
| Related URL | 13880 (SecurityFocus) |
| Related URL | 20920 (ISS) |