https://www.exploit-db.com/exploits/25633
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1117

AOLInstantMessenger5.5.x及更早版本允许远程攻击者通过在字体标签的sml参数内的无效的表情符图标位置来发起拒绝服务攻击(客户端崩溃)。

source: http://www.securityfocus.com/bid/13553/info

AOL Instant Messenger is reported prone to a remote denial of service vulnerability.

The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon.

Reports indicate that the issue manifests because of a buffer overflow condition this, however, is not confirmed.

A remote attacker may leverage this condition to crash a target AOL Instant Messenger client. Other attacks may also be possible. 

"DO NOT COPY AND PASTE OR IT WILL CRASH U" <fontsml=.>..<font sml= .></font>

来源:BID
名称:13553
链接:http://www.securityfocus.com/bid/13553