AIM: Fix for AOL Instant Messenger Hack and Buffer Overflow

Contributed by MickeyMouse, August 10, 2004
Tagged: Instant messaging

This recipe describes the fix for the new AIM buffer overflow exploit.


All current versions of AIM have a potential buffer overflow that would allow a hacker to execute arbitrary code on a machine that has AIM installed. The hack involves overflowing the aim:goaway URI handler.

This tip describes the goaway hyperlinking code in more detail.

Warning: This recipe involves editing your registry. Please back up your registry and system before following this recipe.

To block the overflow:

    1. Click on Start
    2. Click on Run
    3. Type regedit and click OK
    4. In the regedit box click on HKEY_CLASSES_ROOT
    5. Scroll down and single left click on .aim to select it
    6. Right click on .aim and select delete from the context menu
    7. Confirm the deletion
    8. Reboot

This will break the ability to use hypertext commands to control AIM. Who the heck really uses that anyway?
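
The same steps as a script, with the key exported first so the change can be undone. This is an added example, not part of the original recipe; the backup file name and location are assumptions, and it needs an elevated PowerShell prompt.

```powershell
# Added example: scripted form of the recipe's steps, with a backup taken first.
$KeyName    = '.aim'                                   # key named in the recipe
$RegPath    = "Registry::HKEY_CLASSES_ROOT\$KeyName"
$BackupFile = Join-Path $env:USERPROFILE 'aim-key-backup.reg'   # assumed location

if (-not (Test-Path -LiteralPath $RegPath)) {
    Write-Output "HKEY_CLASSES_ROOT\$KeyName is not present; nothing to delete."
    return
}

# Record what the key launches, if it carries a shell\open\command subkey.
$cmdPath = "$RegPath\shell\open\command"
if (Test-Path -LiteralPath $cmdPath) {
    $handler = (Get-ItemProperty -LiteralPath $cmdPath).'(default)'
    Write-Output "Current open command: $handler"
}

# Export the key and its subkeys; importing this .reg file restores them.
& reg.exe export "HKEY_CLASSES_ROOT\$KeyName" $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
    throw "Backup failed; the key was left untouched."
}

# Delete the key (steps 5 to 7 of the recipe).
Remove-Item -LiteralPath $RegPath -Recurse -Force

# Confirm the deletion took effect before asking for the reboot in step 8.
if (Test-Path -LiteralPath $RegPath) {
    throw "HKEY_CLASSES_ROOT\$KeyName still exists; check that the prompt is elevated."
}
Write-Output "Deleted HKEY_CLASSES_ROOT\$KeyName. Backup: $BackupFile. Reboot to finish."
```

To roll back after installing a fixed version, import the saved file with `reg.exe import` and reboot.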

A new beta version that fixes this exploit should be released soon. I will display that information when it is released.
