CVE-2000-1093

AOL Instant Messenger <4.3.2229 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1093. PoCs published by Joe Testa.

AI-analyzed exploit summary This exploit leverages a buffer overflow in AOL Instant Messenger (AIM) by crafting a malicious 'aim://' URL with an overly long 'screenname' parameter. Successful exploitation can lead to arbitrary code execution on the target system.

Description

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Joe Testa · textremotewindows
https://www.exploit-db.com/exploits/20510

This exploit leverages a buffer overflow in AOL Instant Messenger (AIM) by crafting a malicious 'aim://' URL with an overly long 'screenname' parameter. Successful exploitation can lead to arbitrary code execution on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: AOL Instant Messenger versions prior to 4.3.2229
No auth needed
Prerequisites: AIM installed on the target system · Victim interaction (e.g., clicking a malicious link)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
Exploit, Patch, Vendor Advisory vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2000/a121200-1.txt

Scores

EPSS 0.0806
EPSS Percentile 94.1%

Details

Status published
Products (12)
aol/instant_messenger 2.0_n
aol/instant_messenger 2.5.1366
aol/instant_messenger 2.5.1598
aol/instant_messenger 3.0.1470
aol/instant_messenger 3.0_n
aol/instant_messenger 3.5.1635
aol/instant_messenger 3.5.1670
aol/instant_messenger 3.5.1808
aol/instant_messenger 3.5.1856
aol/instant_messenger 4.0
... and 2 more
Published Jan 09, 2001
Tracked Since Feb 18, 2026