neb_zero
Aug 10 2004, 02:33 PM
New AIM overflow exploit released on iDEFENSE and Secunia today.
From the iDEFENSE post:
| QUOTE |
The vulnerability specifically exists due to insufficient bounds checking on user-supplied values passed to the 'goaway' function of the AOL Instant Messenger 'aim:' URI handler. A long message buffer will overwrite values stored on the stack and may be used to overwrite a Structured Exception Handler (SEH) pointer as shown below:
0012E634 45454545
0012E638 46464646
0012E63C 47474747
0012E640 484808EB Pointer to next SEH record
0012E644 41414141 SE handler
Control of the SEH pointer allows for eventual execution of arbitrary code. |
cheers,
NeB
Edit: This vulnerability has been around for a while, I realize, so if it's been discussed here before I'm sorry. The advisories went public today as did the beta, so I was wondering if anyone had some example URLs to share with the community here at GSO. Slashdot got it first too,
here.
neb_zero
Aug 10 2004, 02:44 PM
So, after reading the comments on the Slashdot post I found an away message syntax.
| CODE |
aim:goaway?message=Anything+goes+here |
cheers,
NeB
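An added example, not part of the thread or of either advisory: a defender-side Python check that scans HTML, mail or proxy-log text for `aim:goaway` links whose decoded `message` value is unusually long. The 1024-character limit and the names `scan`, `message_length` and `SAMPLE` are assumptions made here; the advisory quoted above does not state the length that triggers the overflow.

```python
import html
import re
from urllib.parse import unquote_plus

# Assumption: 1024 decoded characters is far above any legitimate away
# message; the advisory does not give the overflow length.
MAX_MESSAGE_LEN = 1024

# Matches aim:goaway links in HTML, e-mail bodies or proxy logs.
AIM_GOAWAY = re.compile(r"aim:goaway\?([^\s\"'<>]*)", re.IGNORECASE)


def message_length(query: str) -> int:
    """Return the decoded length of the longest message= parameter."""
    longest = 0
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == "message":
            # latin-1 maps every %XX escape to exactly one character,
            # so the count reflects what the URI handler would receive.
            decoded = unquote_plus(value, encoding="latin-1")
            longest = max(longest, len(decoded))
    return longest


def scan(text: str, limit: int = MAX_MESSAGE_LEN):
    """Return (offset, length) for each aim:goaway link over the limit."""
    hits = []
    # Unescape first so '&amp;' separators in HTML attributes split correctly.
    for m in AIM_GOAWAY.finditer(html.unescape(text)):
        n = message_length(m.group(1))
        if n > limit:
            hits.append((m.start(), n))
    return hits


# Constructed sample input: one ordinary away link, one overlong one.
SAMPLE = (
    '<a href="aim:goaway?message=Anything+goes+here">away</a>\n'
    '<a href="AIM:GoAway?Message=' + "%41" * 2000 + '">click</a>\n'
)

if __name__ == "__main__":
    for offset, length in scan(SAMPLE):
        print(f"suspicious aim:goaway link at offset {offset}: "
              f"message is {length} characters")
```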
Black_hat
Aug 10 2004, 03:17 PM
hi,
Original details, but this is not technical information ...
http://www.packetstormsecurity.nl/0408-adv...Aim.DoS.8_9.pdf
Black_HAt
neb_zero
Aug 10 2004, 03:25 PM
That seems to put part of the blame on your browser as well, but I fail to see the correlation, as it is still an AIM issue. By reading this advisory are we to assume that Internet Explorer users are actually in a safer position than users of other browsers?
cheers,
NeB
mortello
Aug 10 2004, 04:27 PM
| QUOTE (neb_zero @ Aug 10 2004, 03:25 PM) |
That seems to put part of the blame on your browser as well, but I fail to see the correlation, as it is still an AIM issue. By reading this advisory are we to assume that Internet Explorer users are actually in a safer position than users of other browsers?
cheers, NeB |
I don't think you could ever say that another browser is more vulnerable than explorer....that's until MS decides to make a new buggy browser maybe hehe
dw-chow
Aug 14 2004, 04:08 PM
| QUOTE (mortello @ Aug 10 2004, 04:27 PM) |
| QUOTE (neb_zero @ Aug 10 2004, 03:25 PM) | That seems to put part of the blame on your browser as well, but I fail to see the correlation, as it is still an AIM issue. By reading this advisory are we to assume that Internet Explorer users are actually in a safer position than users of other browsers?
cheers, NeB |
I don't think you could ever say that another browser is more vulnerable than explorer....that's until MS decides to make a new buggy browser maybe hehe
|
kind of funny, since IE became an integrated part of Windows since 98. so if IE is vuln, so is the OS itself.