SecurityTracker.com

SecurityTracker
Archives







Category:  Application (Instant Messaging/IRC/Chat)  >  AOL Instant Messenger
Vendors:  America Online, Inc.
AOL Instant Messenger (AIM) File Sharing Bug May Let Remote Users Silently Force Downloads
SecurityTracker Alert ID:  1005695
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Nov 25 2002
Impact:  Modification of user information
Exploit Included:  Yes  
Description:  Infested Nexus reported a vulnerability in AOL Instant Messenger (AIM). A remote user can force a target user to silently download a file if file sharing is permitted, even if the target user does not accept the file.

It is reported that a remote user can send an arbitrary file with the name "[screen name].lst" to a target buddy user that has file sharing enabled. The target user's system will reportedly download the file automatically, regardless of whether they accept the download or not.

According to the report, the tests work on Microsoft Windows 9x systems but may not work on Windows NT systems, as Windows NT systems use a "listing.txt" file instead of a ".lst" file.

Impact:  A remote user can force a target user to download a file.
Solution:  No solution was available at the time of this entry.
Vendor URL:  aim.aol.com/
Cause:  State error
Underlying OS:  Windows (Any)
Reported By:   Infested Nexus <InfestedNexus@adelphia.net>
Message History:   None.
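
A detection-side sketch of the behaviour described above, added here as an example and not part of the advisory or the original report: it flags inbound files that were written without a matching user acceptance and marks those named like a file listing ("[screen name].lst" or "listing.txt"). The event format, the sample records and the screen-name normalization are assumptions constructed for illustration.

```python
import re

# Constructed transfer events in a hypothetical format (not an AIM log):
# (timestamp, local screen name, peer screen name, event, filename)
EVENTS = [
    ("2002-11-24T15:40:01", "alice", "bob", "offer", "photo.jpg"),
    ("2002-11-24T15:40:05", "alice", "bob", "user_accept", "photo.jpg"),
    ("2002-11-24T15:40:09", "alice", "bob", "write_complete", "photo.jpg"),
    ("2002-11-24T15:52:30", "alice", "Mallory", "offer", "Alice.lst"),
    ("2002-11-24T15:52:31", "alice", "Mallory", "write_complete", "Alice.lst"),
    ("2002-11-24T16:03:12", "alice", "bob", "write_complete", "photo.jpg"),
]


def normalize(name):
    """Compare screen names ignoring case and spaces (assumption)."""
    return re.sub(r"\s+", "", name).lower()


def looks_like_listing(filename, local, peer):
    """True for '<screen name>.lst' or 'listing.txt', the names in the advisory."""
    lowered = filename.lower()
    stem, dot, ext = lowered.rpartition(".")
    if lowered == "listing.txt":
        return True
    return dot == "." and ext == "lst" and normalize(stem) in (local, peer)


def find_unconsented_writes(events):
    """Return completed inbound writes that no user_accept event covers."""
    accepted = set()
    findings = []
    for ts, local, peer, event, filename in events:
        local_n, peer_n = normalize(local), normalize(peer)
        key = (local_n, peer_n, filename.lower())
        if event == "user_accept":
            accepted.add(key)
        elif event == "write_complete":
            if key in accepted:
                accepted.discard(key)  # one acceptance covers one transfer
                continue
            findings.append({
                "time": ts,
                "peer": peer,
                "filename": filename,
                "listing_style_name": looks_like_listing(filename, local_n, peer_n),
            })
    return findings
```

Calling `find_unconsented_writes(EVENTS)` returns two findings: the "Alice.lst" write that had no acceptance at all, and the second "photo.jpg" write, which reuses an acceptance that was already consumed.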


 Source Message Contents

Date:  Sun, 24 Nov 2002 15:55:58 -0800
From:   Infested Nexus <InfestedNexus@adelphia.net>
Subject:  InfestedNexus presents a Major AIM vulnerability

 


Infested Nexus presents a major AOL flaw! It is possible to send any file to a user
without them knowing if they have the "allow" option on the file sharing section checked.
Please give credit to Infested Nexus for this exploit.
 

AIM: Infested Nexus

E-mail: InfestedNexus@datathief.cjb.net

 

1.) Get file list from buddy (USERX.lst)

2.) Rename file that you want to send as USERX.lst

3.) Close connection and then choose send file

4.) Send the USERX.lst  -- They will automatically start downloading it even if they don’t
accept

 

*USERX = screen name of the user

 

During the tests that have been done the recipients of the files have been running
Windows9X - This may not work on NT based systems since
they seem to send a listing.txt file instead of an lst file.

 

   Performed On:

 

   Computer model:  [1x] AuthenticAMD Type 0 Family 6 Model 4 Stepping 2 Brand 0 1208 MHz

 Operating system:  Windows XP  (5.1.2600)

        Total RAM:  255 MB

       Video card:  GEForce2 MX 400 64MB DDRAM

       Sound card:  [01] SB Live! Wave Device (emu10k1m.sys)

Internet Provider:  Adelphia

      Web browser:  Internet Explorer 6.0.2800.1006.xpclnt_qfe.010827-1803

    Other details:  Recipients of hack were running Windows9X



 








Copyright 2002, SecurityGlobal.net LLC