AOL Instant Messenger DLL Hijacking

AOL Instant Messenger DLL Hijacking: Posted Nov 27, 2010; Authored by APA IUTCERT; AOL Instant Messenger suffers from an insecure library loading vulnerability.; tags | advisory; SHA-256 | 4132874c3873800f60d1593e62509b208f4d705957970990f14f953540db03a6; Download | Favorite | View

AOL Instant Messenger DLL Hijacking

A vulnerability has been discovered in AOL Instant Messenger, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner.
Libraries list called is as follows:
•  dwmapi.dll
This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a AIM or BLT  files located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in AOL Instant Messenger version 7.5.4.11 for Microsoft Windows XP Service Pack 3. Other versions may also be affected.

Top Authors In Last 30 Days

Red Hat 267 files
indoushka 169 files
Jay Turla 150 files
Ubuntu 71 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 24 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,591)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,312)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,885)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,861)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

AOL Instant Messenger DLL Hijacking

AOL Instant Messenger DLL Hijacking

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

AOL Instant Messenger DLL Hijacking

Share This

AOL Instant Messenger DLL Hijacking

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems