CVE-2000-1094

AOL Instant Messenger <4.3.2229 - RCE

Title source: llm

Description

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Exploits (1)

exploitdb WRITEUP VERIFIED

by @stake · textremotewindows

https://www.exploit-db.com/exploits/20511

View Code ZIP pw:eip

References (4)

Core 4

Core References

Broken Link, Exploit, Patch, Vendor Advisory vendor-advisory x_refsource_atstake

http://www.atstake.com/research/advisories/2000/a121200-1.txt

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/1692

Third Party Advisory mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=97683774417132&w=2

Third Party Advisory mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=97668265628917&w=2

Scores

EPSS 0.0601

EPSS Percentile 90.8%

Details

CWE

CWE-120

Status published

Products (1)

aol/aim < 4.3.2229

Published Jan 09, 2001

Tracked Since Feb 18, 2026