[Full-disclosure] RE: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS
- From: <auto447062@xxxxxxxxxxxx>
- Date: Tue, 7 Jun 2005 08:35:33 -0700
>...The vulnerability exists within the GIF parser in "ateimg32.dll"...
Tests:
1. W2k - all updates, logged in w/admin rights.
- Opening in Adobe Photoshop 5.5 (most standard plain vanilla
graphic parsers, I believe) - Photoshop hung without any error
messages.
- Firefox 1.0.4 - "broken image" icon
- IE 6.0.2800.1106 - blank page, no errors, but slow.
2. XP SP2 with all updates, logged in as local user with veeeeery
limited rights
- IrfanView 3.97 - "Invalid or unsupported GIF file" error
- IE 6.0.2900.2180 SP2 does not return any error, shows a blank page
- _not_ a broken image icon.
- Windows Image and Fax Viewer - no error, blank page with "No
preview available", did not hang.
3. Now, a strange, perverted fun - logged into the same XP with
admin rights - IE silently dies, nothing in Events Log.
4. Going now to local Macs, will post if there's anything of
interest...
I've got a feeling that it's not just an AIM problem. Aim higher
%^)