AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.
2002-08-12T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | aol | instant_messenger | 4.0 | Yes |
| Application | aol | instant_messenger | 4.1 | Yes |
| Application | aol | instant_messenger | 4.1.2010 | Yes |
| Application | aol | instant_messenger | 4.2 | Yes |
| Application | aol | instant_messenger | 4.2.1193 | Yes |
| Application | aol | instant_messenger | 4.3 | Yes |
| Application | aol | instant_messenger | 4.3.2229 | Yes |
| Application | aol | instant_messenger | 4.4 | Yes |
| Application | aol | instant_messenger | 4.5 | Yes |
| Application | aol | instant_messenger | 4.6 | Yes |
| Application | aol | instant_messenger | 4.7 | Yes |
| Application | aol | instant_messenger | 4.7.2480 | Yes |
| Application | aol | instant_messenger | 4.8.2616 | Yes |
| Application | aol | instant_messenger | 4.8.2646 | Yes |