The OpenNET Project / Index page
BSD, Linux, Cisco, Web, Palm, other unix
RUSSIAN version

Search
Выпущена CD-версия OpenNet.RU для оффлайн просмотра.
Для формирования заказа - перейдите по ссылке
.
SOFT - Unix Software catalog
LINKS - Unix resources
TOPIC - Articles from usenet
DOCUMENTATION - Unix guides
News | Tips | MAN | Forum | BUGs | LastSoft | Keywords | BOOKS (selected) | Linux HowTo | FAQ Archive

AIM Exploits


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: 6 Oct 2001 19:13:52 -0000
From: Robbie Saunders <ihost@excite.com>
To: bugtraq@securityfocus.com
Subject: AIM Exploits

thanks to BlueJAMC for his post,
as a starter i'd like to correct some information about 
the comment crash, the reason you can't paste it is 
because it crashes the client, not because it's too 
big... if it was too big you wouldn't be able to send it 
an im. and it's been on aim filter and used by your 
average aim user since early august

the following exploits were found and implemented by 
Robbie Saunders, although i believe the file crash 
was used before me by `CodeDreamer`

3 other exploits:
1) Font Crash: windows aim stores recent font 
names for instant messages, and i found that by 
sending a lot of different fonts causes aim to pop up 
with a font error, and after messing around i 
discovered that lines "<HR>" crash the client (and in 
some cases the OS) after the error has popped up, 
making for a neat little crash if you send a few 
hundred fonts with a horizontal line tacked on the end 

2) File Crash: i'm not quite sure why this crashes the 
client, but if you send a file with a very large filename, 
the client crashes, and just closes on any nt based 
OS

3) Icon Crash: aim doesn't check incoming buddy 
icons to be under a certain height or width, so you 
can send an edited .gif file that may be 1k but claims 
to be very large (such as 10000x10000) and end up 
freezing the aim client for a large period of time, and 
on slow computers cause serious memory issues... i 
have tested with larger values (like 65kx65k) but it 
appears aim will pop up a memory buffer error 
instead of crashing... and apparently sending corrupt 
wav files will crash the client in the same manner

If you're on windows you can use the software i 
created to exploit these bugs (AIM Filter), it can be 
found at http://www.ssnbc.com/wiz/ in software>aim

aim filter is a local proxy that acts as both a server 
and client, meaning you can implement the 
crashes/features no matter what aim client you're on 
(and it's easy to use too, just type commands like 
aim.file.crash)

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Закладки
Добавить в закладки
Created 1996-2003 by Maxim Chirkov  
ДобавитьРекламаВебмастеруЦУПГИД  
SpyLOG TopList
RB2 Network. RB2 Network.