AOL Instant Messenger Smiley图标位置远程拒绝服务攻击

AOL Instant Messenger Smiley图标位置远程拒绝服务攻击

漏洞ID 1108767 漏洞类型 边界条件错误
发布时间 2005-05-09 更新时间 2005-10-20
图片[1]-AOL Instant Messenger Smiley图标位置远程拒绝服务攻击-安全小百科CVE编号 CVE-2005-1655
图片[2]-AOL Instant Messenger Smiley图标位置远程拒绝服务攻击-安全小百科CNNVD-ID CNNVD-200505-1117
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25633
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1117
|漏洞详情
AOLInstantMessenger5.5.x及更早版本允许远程攻击者通过在字体标签的sml参数内的无效的表情符图标位置来发起拒绝服务攻击(客户端崩溃)。
|漏洞EXP
source: http://www.securityfocus.com/bid/13553/info

AOL Instant Messenger is reported prone to a remote denial of service vulnerability.

The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that contains 'smiley' HTML code that passes invalid data as the location of the 'smiley' icon.

Reports indicate that the issue manifests because of a buffer overflow condition this, however, is not confirmed.

A remote attacker may leverage this condition to crash a target AOL Instant Messenger client. Other attacks may also be possible. 

"DO NOT COPY AND PASTE OR IT WILL CRASH U" <fontsml=.>..<font sml= .></font>
|参考资料

来源:BID
名称:13553
链接:http://www.securityfocus.com/bid/13553

相关推荐: Canon GP300 Remote Malformed HTTP Get Denial Of Service Vulnerability

Canon GP300 Remote Malformed HTTP Get Denial Of Service Vulnerability 漏洞ID 1099967 漏洞类型 Failure to Handle Exceptional Conditions 发…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享