CVE-2004-0636

AOL Instant Messenger <5.5.3595 - RCE

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-0636. PoCs were published by Metasploit, John Bissell and mandragore, including the Metasploit module exploits/windows/browser/aim_goaway.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in AOL Instant Messenger's 'goaway' URI handler via an SEH overwrite, allowing arbitrary code execution. The exploit is delivered via an HTML iframe with a maliciously crafted 'aim:goaway' URI.

Description

Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16525

This Metasploit module exploits a buffer overflow in AOL Instant Messenger's 'goaway' URI handler via an SEH overwrite, allowing arbitrary code execution. The exploit is delivered via an HTML iframe with a maliciously crafted 'aim:goaway' URI.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AOL Instant Messenger 5.5
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · AOL Instant Messenger 5.5 must be installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by John Bissell · c · remote · windows
https://www.exploit-db.com/exploits/431

This exploit targets a buffer overflow vulnerability in AIM's away message handling. It uses a long string of 'A's to overwrite the return address and includes shellcode to execute arbitrary commands, with options for reverse shell connectivity.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AIM 5.5.3588, 5.5.3590 Beta, 5.5.3591, 5.5.3595
No auth needed
Prerequisites: Victim must open a maliciously crafted away message or visit a webpage/email containing the exploit
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by mandragore · c · local · windows
https://www.exploit-db.com/exploits/395

This is a local exploit for AOL Instant Messenger (AIM) 5.5.3595 that leverages a buffer overflow vulnerability to execute arbitrary shellcode, resulting in a bind shell on port 1180. The exploit constructs a malicious URL and uses ShellExecute to trigger the vulnerability.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AOL Instant Messenger (AIM) 5.5.3595
No auth needed
Prerequisites: Local access to the target system · AIM 5.5.3595 installed
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by skape · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/aim_goaway.rb

This Metasploit module exploits a buffer overflow in AOL Instant Messenger's 'goaway' URI handler via an HTTP server. It leverages SEH overwrite to achieve arbitrary code execution by sending a maliciously crafted 'aim:goaway' URI with an oversized 'message' parameter.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AOL Instant Messenger 5.5
No auth needed
Prerequisites: Victim must visit a malicious link or be tricked into clicking it · AOL Instant Messenger 5.5 must be installed
devstral-2 · analyzed Feb 19, 2026

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/735966
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16926
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12198/

Scores

EPSS 0.6602
EPSS Percentile 99.2%

Details

Status published
Products (3)
aol/instant_messenger 5.5
aol/instant_messenger 5.5.3415_beta
aol/instant_messenger 5.5.3595
Published Nov 23, 2004
Tracked Since Feb 18, 2026