PUBLISHED DATE: August 12, 2002CVE-2002-0785:
Denial of Service Vulnerability

Description

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

Products

• AOL Instant Messenger 4.0
• AOL Instant Messenger 4.1.2010
• AOL Instant Messenger 4.1
• AOL Instant Messenger 4.2.1193
• AOL Instant Messenger 4.2
• AOL Instant Messenger 4.3.2229
• AOL Instant Messenger 4.3
• AOL Instant Messenger 4.4
• AOL Instant Messenger 4.5
• AOL Instant Messenger 4.6
• AOL Instant Messenger 4.7.2480
• AOL Instant Messenger 4.7
• AOL Instant Messenger 4.8.2616
• AOL Instant Messenger 4.8.2646

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-0785, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-0785 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2002-0785