In-Reply-To: <000601c24b06$379e3f80$e62d1c41@kc.rr.com> >The previously reported AOL Instant Messenger heap overflow is restricted > to the "goim" handler. The unchecked escaping is performed on the > "screenname" query string parameter. The vulnerability is exploited > when the user clicks "Get Info" to request information on the buddy. > >AIM dies with an access violation when trying to execute 0x656C6261. As >there is nothing stored there, AIM faults and dies: What version of AIM is required for this? Does it happen in the latest 5.0.2916 beta (http://www.aim.com/get_aim/win/win_beta.adp) or in the 4.8.2790 GM version (http://ftp.newaol.com/aim/win95/Install_AIM.exe)?
