AOL AIM 'sipXtapi.dll' Multiple Buffer Overflow Vulnerabilities

High severity, Nessus Plugin ID 42304

Synopsis

The detected instant messenger client is affected by multiple buffer overflow vulnerabilities.

Description

AOL AIM is affected by multiple buffer overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the software or cause an application crash.

Solution

Upgrade to AOL AIM 6.8.7.7 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-08-097/

https://www.zerodayinitiative.com/advisories/ZDI-08-098/

Plugin Details

Severity: High

ID: 42304

File Name: aim_sip_buffer_overflow.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 10/29/2009

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:aol:aim

Required KB Items: AIM/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2008

Vulnerability Publication Date: 6/10/2008

Reference Information

BID: 36849