So this isn't actually remotely exploitable at all since its within a dialog box that a local user must manually fill in?
Best Regards, sb On 3 Feb 2006 02:28:56 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > As I submitted to full disclosure: > > "I have discovered that there is a buffer overrun vulnerability in AOL's > Instant Messenger program. I have only tested this on version 5.9.3861. The > problem causes a minimum of a program crash. I am not sure as to the > posibility of shellcode execution. > > The vulnerability can be exploited by supplying an overly large username from > which to obtain "buddy info." > > If you are unsure as to what I am talking about, I can post a screenshot." > > Well, I made a Macromedia Captivate-made video of it. > http://www.dotshell.net/aim.swf. What I am thinking is that a program can be > written to write an overlong string and shellcode to the address effected and > execute the same operation to leverage the problem. >
