COMMAND

    Instant message

SYSTEMS AFFECTED

    AOL3.0 16-bit Windows, AOL3.0 32-bit Windows, AOL4.0 Windows

PROBLEM

    'Invisible' posted following.  AOL's Instant message's uses  HTML.
    This  enables  there  customers  to  change  font  sizes,  colors,
    backgrounds, to suite  there tastes.   Well here is  where the bug
    comes into play.  All you simply have to do is send someone who is
    using a AOL version, that uses the <font> tagg, a instant  message
    of

        <font=9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999>

    A AOL  instant message  has to  be below  a certain character size
    that can fit in one message.  This goes beyond the valid size,  as
    well as being a invalid parameter for <font>.  It will cause  your
    AOL software to freak out, and a GPF will occur.  If your able  to
    stick more 9's in there, then do so.

    p00h elaborated problem that  AOL supports PARTIAL html,  its like
    win95's  implementation  of  tcp/ip  it  only supports parts of it
    there are several exploits  for this, rather then  include source,
    which would be useless for something that only requires 1 line  to
    be typed, it will be explained now.

    To crash through  instant messeges, send  an instant message  with
    the following text

        <a1><pre><a1><a1>

    you can send a few of these, this will freeze aol, causing  either
    a gpf, or reboot, this is because aol is recieving html, which  it
    recognizes, but cannot decide what to do with it

    To crash through mail, simply send a letter filled with

        <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    This crashes aol, it does this because of the way aol handles html
    imagine that each < is a for loop, so every time there is a new <,
    thats another nested for loop, this jumps cpu utilization to 100%.

SOLUTION

    Convert back to a  older version of AOL  for Windows, like 2.5  or
    before.   Or, simply  reject any  Instant Messages  by useing  the
    $IM_OFF command.   Since Instant Messages  are a big  part of AOL,
    most people keep there Instant Messages turned on.