COMMAND

    AOL Instant Messenger

SYSTEMS AFFECTED

    AOL Instant Messenger

PROBLEM

    Adam Spun found following.  AOL Instant Messenger version 4.1.2010
    (others?) appears to be vulnerable  to a DoS attack when  handling
    file transfers with filenames containing %s.

    The problem  here encountered  is that  trying to  send a  file to
    crash my  victim's client  would cause  my client  to crash first,
    defeating the purpose.   To get around  this, Adam got  a copy  of
    the Netscape/AOL Instant Messenger client available on  Netscape's
    site which doesn't seem to be vulnerable to this bug.  He  created
    a  file  called  %s%s%s%s%s%s%s%s%s%s.jpg  and  sent  it as a file
    transfer to my victim, causing their client to crash  immediately.
    There is an option in  AIM to generate a warning  before accepting
    messages or file transfers from  people that aren't in your  buddy
    list.  Enabling this option did generate the warning, but did  not
    stop the client from crashing.

    Another interesting note is that creating a file named:

        %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s.jpg

    seems  to  do  funny  things  to  explorer.exe  in WinME (explorer
    crashes) and Win98 when trying to view the properties of the file.

SOLUTION

    Nothing yet.