Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0636 | First vendor Publication | 2004-11-23 |
Vendor | Cve | Last vendor Modification | 2017-07-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0636 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
ExploitDB Exploits
id | Description |
---|---|
2004-09-02 | AOL Instant Messenger AIM "Away" Message Remote Exploit |
2004-08-14 | AOL Instant Messenger AIM "Away" Message Local Exploit |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
8398 | AOL Instant Messenger (AIM) aim:goaway URI Handler goaway Function Away Messa... A remote overflow exists in AOL Instant Messenger. Instant Messenger fails to correctly limit the size of the value passed to the goaway function in the away feature resulting in a buffer overflow. A malicous user can create a specially crafted URI link that uses the 'aim:' handler and a long message value for the goaway parameter and post the link to a webpage or email. When a victim clicks on this link, or views an html document that invokes this link (such as <iframe>), the code included in the malicious URI may overwrite a Structured Exception Handler pointer which may be used to insert arbitrary code onto the stack. Once on the stack, the arbitrary code could then be executed resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-04 | AOL Instant Messenger goaway message buffer overflow attempt RuleID : 32370-community - Revision : 3 - Type : SERVER-OTHER |
2014-12-04 | AOL Instant Messenger goaway message buffer overflow attempt RuleID : 32370 - Revision : 3 - Type : SERVER-OTHER |
2014-01-10 | AOL Instant Messenger goaway message buffer overflow attempt RuleID : 3085-community - Revision : 13 - Type : SERVER-OTHER |
2014-01-10 | AOL Instant Messenger goaway message buffer overflow attempt RuleID : 3085 - Revision : 13 - Type : SERVER-OTHER |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:22 |
|
2021-04-22 01:02:31 |
|
2020-05-23 13:16:44 |
|
2020-05-23 00:15:50 |
|
2017-07-11 12:01:28 |
|
2016-04-26 12:51:44 |
|
2014-12-04 21:28:59 |
|
2014-11-04 21:24:37 |
|
2014-01-19 21:22:15 |
|
2013-05-11 11:42:11 |
|