CVE-2004-0636

AOL Instant Messenger <5.5.3595 - RCE

Title source: llm

Description

Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16525

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by John Bissell · cremotewindows

https://www.exploit-db.com/exploits/431

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by mandragore · clocalwindows

https://www.exploit-db.com/exploits/395

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by skape · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/aim_goaway.rb

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://secunia.com/advisories/12198/

[Patch, Vendor Advisory] http://www.idefense.com/application/poi/display?id=121&type=vulnerabilities

[US Government Resource] http://www.kb.cert.org/vuls/id/735966

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16926

Scores

EPSS 0.8044

EPSS Percentile 99.1%

Details

Status published

Products (3)

aol/instant_messenger 5.5

aol/instant_messenger 5.5.3415_beta

aol/instant_messenger 5.5.3595

Published Nov 23, 2004

Tracked Since Feb 18, 2026