AOL Instant Messenger远程缓冲区溢出漏洞

AOL Instant Messenger远程缓冲区溢出漏洞

漏洞ID 1106559 漏洞类型 未知
发布时间 2002-01-02 更新时间 2005-05-02
图片[1]-AOL Instant Messenger远程缓冲区溢出漏洞-安全小百科CVE编号 CVE-2002-0005
图片[2]-AOL Instant Messenger远程缓冲区溢出漏洞-安全小百科CNNVD-ID CNNVD-200201-025
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/21196
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200201-025
|漏洞详情
AOLInstantMessenger(AIM)是一款实时信息交互系统。AIM在分析一个TLV(类别、长度、值)类型为0x2711的游戏请求存在漏洞,会引起缓冲区溢出,远程攻击者可以利用这个漏洞获得当前登陆用户的权限。值得注意的是现在AIM用户不能阻止该类型请求。AOL已经修改了他们的AIM服务器来防止这种攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/3769/info

AOL Instant Messenger (AIM) is a real time messaging service.

The vulnerability exists in the way that AIM parses a game request with a TLV (type, length, value) type of 0x2711. This type of game request is prone to a buffer overflow which could allow a remote user to obtain the same privileges of the user who is currently logged on.

It is important to note that there is currently no way for an AIM user to block this type of request.

**AOL has made modifications to their AIM servers to prevent this vulnerability from being exploited through their servers. However, the underlying problem still exists in the client software which could still be exploited using something similar to a man in the middle attack or if an attacker can bypass the filters on the AIM servers. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21196.tgz
|参考资料

来源:US-CERTVulnerabilityNote:VU#907819
名称:VU#907819
链接:http://www.kb.cert.org/vuls/id/907819
来源:XF
名称:aim-game-overflow(7743)
链接:http://xforce.iss.net/static/7743.php
来源:BID
名称:3769
链接:http://www.securityfocus.com/bid/3769
来源:BUGTRAQ
名称:20020102AIMaddendum
链接:http://www.securityfocus.com/archive/1/247944
来源:NTBUGTRAQ
名称:20020102w00w00onAOLInstantMessenger(seriousvulnerability)
链接:http://www.ntbugtraq.com/default.asp?pid=36&sid;=1&A2;=ind0201&L;=ntbugtraq&F;=P&S;=&P;=72
来源:BUGTRAQ
名称:20020102w00w00onAOLInstantMessenger(seriousvulnerability)
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m;=100998295512885&w;=2
来源:NTBUGTRAQ
名称:20020102AIMaddendum
链接:http://www.ntbugtraq.com/default.asp?pid=36&sid;=1&A2;=ind0201&L;=ntbugtraq&F;=P&S;=&P;=198

相关推荐: myServer 0.4.1 – Signal Handling Denial of Service

myServer 0.4.1 – Signal Handling Denial of Service 漏洞ID 1053960 漏洞类型 发布时间 2003-06-14 更新时间 2003-06-14 CVE编号 N/A CNNVD-ID N/A 漏洞平台 W…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享