AOL Instant Messenger Remote Buffer Overflow Vulnerability

Vulnerability ID: 1106559
Vulnerability type: Unknown
Published: 2002-01-02
Updated: 2005-05-02
CVE ID: CVE-2002-0005
CNNVD-ID: CNNVD-200201-025
Platform: Windows
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/21196
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200201-025
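|Vulnerability details
AOL Instant Messenger (AIM) is a real-time messaging system. AIM contains a vulnerability in the way it parses a game request with a TLV (type, length, value) type of 0x2711, which causes a buffer overflow; a remote attacker can exploit this vulnerability to obtain the privileges of the currently logged-on user. Note that AIM users currently cannot block this type of request. AOL has modified its AIM servers to prevent this attack.
|Vulnerability EXP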
source: http://www.securityfocus.com/bid/3769/info

AOL Instant Messenger (AIM) is a real time messaging service.

The vulnerability exists in the way that AIM parses a game request with a TLV (type, length, value) type of 0x2711. This type of game request is prone to a buffer overflow which could allow a remote user to obtain the same privileges as the user who is currently logged on.

It is important to note that there is currently no way for an AIM user to block this type of request.

**AOL has made modifications to their AIM servers to prevent this vulnerability from being exploited through their servers. However, the underlying problem still exists in the client software, which could still be exploited using something similar to a man-in-the-middle attack or if an attacker can bypass the filters on the AIM servers.
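
The length checks a client-side TLV parser needs so that a game-request value can never be copied past its buffer, as an added example (not AOL's code and not part of the advisory). It assumes a 2-byte big-endian type and length, which the page does not specify, and a hypothetical 64-byte destination; `tlv_extract`, `check_game_request` and the constants are illustrative names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GAME_REQ_TLV 0x2711   /* TLV type named in the advisory */
#define GAME_BUF_LEN 64       /* hypothetical size of the receiver's buffer */

enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_TOO_LONG = -2, TLV_NOT_FOUND = -3 };

/* Assumed layout: 2-byte big-endian type, 2-byte big-endian length, value. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy the value of the first TLV of type `wanted` into out[0..out_cap). */
int tlv_extract(const uint8_t *msg, size_t msg_len, uint16_t wanted,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t off = 0;
    while (off < msg_len) {
        if (msg_len - off < 4) return TLV_TRUNCATED;    /* header cut short */
        uint16_t type = be16(msg + off);
        uint16_t len = be16(msg + off + 2);
        off += 4;
        if (len > msg_len - off) return TLV_TRUNCATED;  /* length exceeds data */
        if (type == wanted) {
            if (len > out_cap) return TLV_TOO_LONG;     /* would overflow out */
            memcpy(out, msg + off, len);
            *out_len = len;
            return TLV_OK;
        }
        off += len;                                     /* skip unrelated TLV */
    }
    return TLV_NOT_FOUND;
}

/* Constructed input: one 0x2711 TLV declaring `value_len` bytes, of which
   only `present` filler bytes are in the message. Returns parser status. */
int check_game_request(uint16_t value_len, size_t present)
{
    uint8_t msg[4 + 512] = { 0x27, 0x11, (uint8_t)(value_len >> 8), (uint8_t)value_len };
    uint8_t game[GAME_BUF_LEN];
    size_t got = 0;
    if (present > 512) present = 512;
    memset(msg + 4, 'A', present);
    return tlv_extract(msg, 4 + present, GAME_REQ_TLV, game, sizeof game, &got);
}
```

Both checks are needed: the first rejects a length field larger than the data received, the second rejects a well-formed value that is simply larger than the destination.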

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21196.tgz
|References

Source: US-CERT Vulnerability Note: VU#907819
Name: VU#907819
Link: http://www.kb.cert.org/vuls/id/907819
Source: XF
Name: aim-game-overflow (7743)
Link: http://xforce.iss.net/static/7743.php
Source: BID
Name: 3769
Link: http://www.securityfocus.com/bid/3769
Source: BUGTRAQ
Name: 20020102 AIM addendum
Link: http://www.securityfocus.com/archive/1/247944
Source: NTBUGTRAQ
Name: 20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Link: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Source: BUGTRAQ
Name: 20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Link: http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2
Source: NTBUGTRAQ
Name: 20020102 AIM addendum
Link: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198