COMMAND
aol
SYSTEMS AFFECTED
AOL 4.0
PROBLEM
The A-TEAM, in their first advisory, discovered the following.
There is a big security problem in America OnLine 4.x which allows
anybody to remotely crash the AOL 4.x software by sending an Email
that the AOL software does not know how to handle, which causes an
invalid page fault in module AOLRICH.AOL! The exploit, in essence,
is to send an Email message to an America OnLine user with a
[ background ] image that has a 255 character name. This could be
created in America OnLine's own Email message composer or perhaps
in an Email program that allows HTML formatting. There might be
potential for remote execution of unauthorized code.
America OnLine 4.x software does a good job of warning the user,
before the Email message is opened, that the evil message contains
a picture that could cause trouble for the reader.
SOLUTION
AOL should address this issue very soon.
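As an added example (not part of the original advisory and not AOL code), a filter placed in front of the mailbox could flag messages that match the pattern described under PROBLEM. It assumes the message body is HTML and that the image name is carried in a background attribute or an inline CSS background url(); all names in the code are hypothetical.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

MAX_NAME_LEN = 255  # length named in the advisory; also flagging longer names is an assumption
CSS_URL = re.compile(r"background(?:-image)?\s*:[^;]*?url\(\s*['\"]?([^'\")]+)", re.I)
# Constructed sample message (not taken from the advisory): 251 + len(".gif") = 255.
SAMPLE = (
    "From: a@example.com\nTo: b@example.com\nSubject: hi\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body background="' + "x" * 251 + '.gif">hello</body></html>\n'
)


class BackgroundScanner(HTMLParser):
    """Records background-image references whose file name reaches the limit."""

    def __init__(self, limit=MAX_NAME_LEN):
        super().__init__()
        self.limit = limit
        self.findings = []  # (tag, attribute, name length)

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if attr == "background" and value:
                self._check(tag, attr, value)
            elif attr == "style" and value:  # inline CSS background: url(...)
                for match in CSS_URL.finditer(value):
                    self._check(tag, attr, match.group(1))

    def _check(self, tag, attr, ref):
        # Measure only the file name: last path component, query string dropped.
        name = ref.strip().replace("\\", "/").rsplit("/", 1)[-1].split("?", 1)[0]
        if len(name) >= self.limit:
            self.findings.append((tag, attr, len(name)))


def scan_message(raw_message, limit=MAX_NAME_LEN):
    """Return findings for every text/html part of an RFC 822 message string."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        scanner = BackgroundScanner(limit)
        scanner.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        scanner.close()
        findings.extend(scanner.findings)
    return findings
```

A gateway could quarantine or strip the image reference from any message for which scan_message returns a non-empty list.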