AOL Instant Messenger vulnerable to a new Denial-of-Service attack ------------------------------------------------------------------------ SUMMARY AOL Instant Messenger has been contains a security vulnerability, where by providing a specially crafted filename it is possible to cause AIM to crash. This of course can be exploited remotely, causing a Denial of Service attack against a remote user. DETAILS Vulnerable systems: AOL Instant Messenger version 4.1.2010 AOL Instant Messenger is vulnerable to a DoS attack, caused by the fact that it does not handle file transfers with filenames containing %s. By sending a file called %s%s%s%s%s%s%s%s%s%s.jpg to a victim, an attacker can crash the remote AIM. There is an option in AIM to generate a warning before accepting messages or file transfers from people that aren't in your buddy list, but enabling this option only generates a warning, and does not stop the client from crashing. -- Eko Sulistiono MIKRODATA & AntiVirus Media Web: http://www.mikrodata.co.id/ WAP: http://www.mikrodata.co.id/wap/index.wml This message contains no viruses. Guaranteed by AVP. ------------------------------------------------------------------------ Forum Komunikasi Penulis-Pembaca MIKRODATA (FKPPM) Informasi : http:[EMAIL PROTECTED] Arsip : http://www.mail-archive.com/forum%40mikrodata.co.id/ WAP : http://mikrodata.co.id/wap/index.wml Milis ini menjadi kontribusi beberapa rubrik yang diasuh tim MIKRODATA. Termasuk rubrik-rubrik yang ada di media lain. Memakai, Menyebarluaskan, dan Memperbanyak software bajakan adalah tindakan kriminal. Please check with the latest AVP update before you ask about virus: ftp://mikrodata.co.id/avirus_&_security/AntiViral_Toolkit_Pro/avp30.zip
