CVE-2002-0785

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

Published: Aug 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0785
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
aol / instant_messenger	4.2	4.2.x
aol / instant_messenger	4.0	4.0.x
aol / instant_messenger	4.8.2646	4.8.2646.x
aol / instant_messenger	4.5	4.5.x
aol / instant_messenger	4.3	4.3.x
aol / instant_messenger	4.1.2010	4.1.2010.x
aol / instant_messenger	4.6	4.6.x
aol / instant_messenger	4.3.2229	4.3.2229.x
aol / instant_messenger	4.8.2616	4.8.2616.x
aol / instant_messenger	4.2.1193	4.2.1193.x
aol / instant_messenger	4.7	4.7.x
aol / instant_messenger	4.7.2480	4.7.2480.x
aol / instant_messenger	4.4	4.4.x
aol / instant_messenger	4.1	4.1.x

http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
http://www.iss.net/security_center/static/9058.php
http://www.kb.cert.org/vuls/id/259435
http://www.osvdb.org/5109
http://www.securityfocus.com/bid/4709

Vulnerability Database

290,020

CVE-2002-0785