Description
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
Affected products
- AOL / instant_messenger4.0 – 4.0
- AOL / instant_messenger4.1 – 4.1
- AOL / instant_messenger4.2 – 4.2
- AOL / instant_messenger4.3 – 4.3
- AOL / instant_messenger4.3.2229 – 4.3.2229
- AOL / instant_messenger4.4 – 4.4
- AOL / instant_messenger4.5 – 4.5
- AOL / instant_messenger4.6 – 4.6
- AOL / instant_messenger4.7 – 4.7
- AOL / instant_messenger4.7.2480 – 4.7.2480
- cerulean_studios / trillian0.6351 – 0.6351
References
- MISChttp://www.kb.cert.org/vuls/id/507771
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7233
- MISChttp://www.kb.cert.org/vuls/id/JARL-56TPTN
- MISChttp://www.securityfocus.com/bid/3398
- MISChttp://www.securityfocus.com/archive/1/247707
- MISChttp://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html