AOL Instant Messenger <= 4.3.2229 Multiple Overflows

High Nessus Network Monitor Plugin ID 1253


The remote host is vulnerable to a buffer overflow.


The remote host is running AOL Instant Messenger (AIM). Versions prior to and including 4.3.2229 contain buffer overflows in the code that processes AIM URLs. URLs containing "aim://" along with exceptionally long goim and screenname parameter strings may crash a remote AIM client, provided the victim clicks on the link. A victim does NOT have to be running AIM for a remote attacker to exploit this vulnerability.


Upgrade to the latest version of AOL Instant Messenger.

Plugin Details

Severity: High

ID: 1253

File Name: 1253.prm

Published: 2004/08/20

Modified: 2016/01/22

Risk Information

Risk Factor: High


CVSS v2

Base Score: 9.3

Temporal Score: 7.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:U/RC:ND


CVSS v3

Base Score: 8.1

Temporal Score: 7.4


Temporal Vector: CVSS3#E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:aol:aim

Reference Information

CVE: CVE-2000-1094, CVE-2000-1093

BID: 2118, 2122