{"vuid":"VU#735966","idnumber":"735966","name":"AOL Instant Messenger vulnerable to buffer overflow","keywords":["AOL","Instant Messenger","IM","buffer overflow","Away","goaway"],"overview":"A vulnerability in the AOL Instant Messenger (AIM) client could allow a remote attacker to execute arbitrary code on a victim system.","clean_desc":"AOL Instant Messenger (AIM) is an instant messaging system distributed by AOL Time Warner. A buffer overflow error exists in the way that some versions of the AIM client software handle AIM 'Away' messages. This error creates a vulnerability that can be exploited by remote attackers supplying overly long input to the goaway function of the aim: URI handler. Exploitation of this vulnerability requires an AIM user to click on a malicious URL supplied in an instant message or embedded in a web page.","impact":"An intruder may be able to execute arbitrary code on a vulnerable system. The intruder-supplied code would run with the privileges of the user running an instance of the vulnerable AIM client.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Workarounds AOL has published a bulletin (refer to the section titled \"AOL Instant Messenger URI Handler Buffer Overflow\") recommending the following workaround for this issue: Exploitation of aim: URI handler vulnerabilities can be prevented by removing the following key from the registry: HKEY_CLASSES_ROOT\\aim\nThe following script can be saved to a file with the .vbs extension and executed to automate the task of removing the relevant URI handler: Set WshShell = CreateObject(\"WScript.Shell\")\nWshShell.RegDelete \"HKCR\\aim\\\"\nNote that this workaround is specific to users of the AIM client software for the Windows operating system. Users are strongly encouraged to apply this workaround until a patched version of the AIM client software is available.","sysaffected":"","thanks":"The CERT/CC is aware of coincidental public disclosure of this issue by \nSecunia\n and \niDefense\n. Secunia credits Ryan McGeehan and Kevin Benes for reporting this issue and iDefense credits Matt Murphy.","author":"This document was written by Chad R Dougherty.","public":["http://secunia.com/advisories/12198/","http://www.idefense.com/application/poi/display?id=121&type=vulnerabilities","http://www.securitytracker.com/alerts/2004/Aug/1010901.html"],"cveids":["CVE-2004-0636"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-08-09T14:27:45Z","publicdate":"2004-08-09T00:00:00Z","datefirstpublished":"2004-08-10T14:49:28Z","dateupdated":"2004-08-31T21:08:44Z","revision":21,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"13","cam_impact":"19","cam_easeofexploitation":"9","cam_attackeraccessrequired":"15","cam_scorecurrent":"14.38003125","cam_scorecurrentwidelyknown":"17.506125","cam_scorecurrentwidelyknownexploited":"30.0105","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":14.38003125,"vulnote":null}