AIM Buddy Icon Overflow Vulnerability

High Nessus Plugin ID 18432


The remote Windows host is susceptible to denial of service attacks.


According to the Windows registry, the version of AOL Instant Messenger installed on the remote host has an integer overflow in its GIF parser, 'ateimg32.dll'. Using a specially crafted GIF file as a buddy icon, an attacker can reportedly crash the affected host.


Unknown at this time.

Plugin Details

Severity: High

ID: 18432

File Name: aim_buddy_icon_overflow.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2005/06/08

Modified: 2016/09/26

Dependencies: 18431

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: AIM/version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2005/06/07

Reference Information

CVE: CVE-2005-1891

BID: 13880

OSVDB: 17220