
aol.aim.url.DoS.txt

Posted Aug 17, 1999

URL Crash Bug in latest versions of AOL's Instant Messenger provides yet another way to launch Denial of Service attacks against AIM users.

tags | exploit, denial of service
SHA-256 | b0d093f25cdfc5a5cf5093c931e96e78038a491983e30a01634c9d35c9777d2e

Date: Mon, 19 Apr 1999 22:00:00 -0500
From: Adam Brown <mad@SKILL.ORG>
To: BUGTRAQ@netspace.org
Subject: AOL Instant Messenger URL Crash

There is a bug in the newer versions of AOL's Instant Messenger that will
cause the client to crash when exploited. All builds of version 2.0 that
I've tested seem to be vulnerable, although I have not done extensive
version testing. AOL was notified of this about two weeks ago. To exploit
this bug, send a hyperlink in this format: aim:addbuddy?=screenname

Have fun,

SpunOne

http://www.fazed.net

http://www.webzone.net

--------------------------------------------------------------------------

Date: Tue, 20 Apr 1999 16:24:02 -0400
From: Daniel Reed <djr@NARNIA.N.ML.ORG>
To: BUGTRAQ@netspace.org
Subject: Re: AOL Instant Messenger URL Crash

On Mon, 19 Apr 1999, Adam Brown wrote:
) There is a bug in the newer versions of AOL's Instant Messenger that will
) cause the client to crash when exploited. All builds of version 2.0 that
) I've tested seem to be vulnerable, although I have not done extensive
) version testing. AOL was notified of this about two weeks ago. To exploit
) this bug, send a hyperlink in this format: aim:addbuddy?=screenname
I just sent <a href="aim:addbuddy?=screenname">what does this show up as</a>?
to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I don't
know if you meant to say that the user had to click on it for the client to
crash, or if this is indeed different behaviour. I also just tried it with
"screenname" replaced with first her screenname, and then with mine, again
with no automatic reaction.

(sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM
2.0.996 user)
[15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what does this show up as]?
[16:00:23] Friend <victim> has just logged off :(
[16:03:09] Friend <victim> is now online =)
[16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow miaow] (don't click on that, I'm just testing something)
[16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":another test...]

--
Daniel Reed <n@ml.org>
Many a false step is made by standing still...

--------------------------------------------------------------------------

Date: Tue, 20 Apr 1999 16:34:16 -0500
From: Adam Brown <mad@skill.org>
To: BUGTRAQ@netspace.org
Subject: Re: AOL Instant Messenger URL Crash

I'm sorry if I was unclear in my first post. The only way I've seen to
exploit this is to send someone a hyperlink in the form of
aim:addbuddy?=screenname and have them click on it. (replacing "screenname"
with an actual screen name seems to give the same result) You can also set
up a web page that will redirect your victim to a client crashing URL once
they've caught on to your evil little scheme. :p I set up an example of
this at http://www.fazed.net/poof for testing purposes, of course.

Adam Brown
SpunOne@IRC
http://www.fazed.net
http://www.webzone.net

--------------------------------------------------------------------------

Date: Wed, 21 Apr 1999 14:30:40 -0400
From: Eric L. Howard <elhoward@MARKL.COM>
To: BUGTRAQ@netspace.org
Subject: Re: AOL Instant Messenger URL Crash

I haven't been able to duplicate this on any 2.0.8* builds...I've tested about
15 different people and none in the 2.0.8* builds were affected.

All others tested were in the 2.0.9* build and died immediately, some causing
the user to have to reboot, all rendering AIM completely unable to be restarted
for several minutes after the Dr. Watson cleared on NT.

~ELH~

--------------------------------------------------------------------------

Date: Wed, 21 Apr 1999 18:14:59 -0700
From: Adam Herscher <adam@AXISPRODUCTIONS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: AOL Instant Messenger URL Crash

The problem could not be duplicated on AIM 2.0.813 (Windows 98) running IE
5.0 - Is it possible that this is in part a problem with IE 4.0?

Adam Herscher (ajh-)

--------------------------------------------------------------------------

Date: Wed, 21 Apr 1999 18:07:12 -0700
From: Adam Herscher <adam@AXISPRODUCTIONS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: AOL Instant Messenger URL Crash

>I'm sorry if I was unclear in my first post. The only way I've seen to
>exploit this is to send someone a hyperlink in the form of
>aim:addbuddy?=screenname and have them click on it. (replacing "screenname"
>with an actual screen name seems to give the same result) You can also set
>up a web page that will redirect your victim to a client crashing URL once
>they've caught on to your evil little scheme. :p I set up an example of
>this at http://www.fazed.net/poof for testing purposes, of course.
>
>Adam Brown
>SpunOne@IRC
>http://www.fazed.net
>http://www.webzone.net


This doesn't seem to work on the Mac versions (tested 2.01.644)

Adam Herscher (ajh-)
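
--------------------------------------------------------------------------

A defensive check for the link shape reported in this thread, as an added example that is not part of the original posts: it pulls link attributes and meta-refresh targets out of message or page HTML and flags `aim:` links whose query has an empty parameter name (`?=...`). Treating the empty name as the marker is an assumption, since the thread does not state the root cause; the function names and the sample input are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class LinkCollector(HTMLParser):
    """Collect href/src values and meta-refresh targets in document order."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name in ("href", "src"):
            if a.get(name):
                self.urls.append(a[name])
        # Redirect pages: <meta http-equiv="refresh" content="0; url=...">
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            for part in (a.get("content") or "").split(";"):
                key, _, value = part.strip().partition("=")
                if key.strip().lower() == "url" and value:
                    self.urls.append(value.strip())


def classify(url):
    """Return 'not-aim', 'aim', or 'aim-empty-param' for one URL string."""
    parts = urlsplit(url.strip())
    if parts.scheme != "aim":  # urlsplit lower-cases the scheme
        return "not-aim"
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Assumption: an empty parameter name ("?=value") marks the reported shape.
    if any(name == "" for name, _ in pairs):
        return "aim-empty-param"
    return "aim"


def scan(html):
    """List (url, verdict) for every aim: link found in the HTML."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    verdicts = [(u, classify(u)) for u in collector.urls]
    return [(u, v) for u, v in verdicts if v != "not-aim"]


# Constructed sample: a chat message followed by a redirect page body.
SAMPLE = (
    '<a href="aim:addbuddy?=screenname">what does this show up as</a>? '
    '<a href="http://example.com/">plain link</a>'
    '<meta http-equiv="refresh" content="0; url=AIM:addbuddy?=someone">'
    '<a href="aim:goim?screenname=friend">say hi</a>'
)
```

A message gateway or proxy could strip or de-link every URL that `scan` reports as `aim-empty-param` before the content reaches the client.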
