[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200506071535.j57FZa70043074@mailserver2.hushmail.com>
Date: Tue Jun 7 17:06:32 2005
From: auto447062 at hushmail.com (auto447062@...hmail.com)
Subject: RE: AOL AIM Instant Messenger Buddy Icon
"ateimg32.dll" DoS
>...The vulnerability exists within the GIF parser in
"ateimg32.dll"...
Tests:
1. W2k - all updates, logged in w/admin rights.
- Opening in Adobe Photoshop 5.5 (most standard plain vanilla
graphic parsers, I believe) - Photoshop hung without any error
messages.
- Firefox 1.0.4 - "broken image" icon
- IE 6.0.2800.1106 - blank page, no errors, but slow.
2. XP SP2 with all updates, logged in as local user with veeeeery
limited rights
- IrfanView 3.97 - "Invalid or unsupported GIF file" error
- IE 6.0.2900.2180 SP2does not return any error, shows a blank page
- _not_ a broken image icon.
- Windows Image and Fax Viewer - no error, blank page with "No
preview available, did not hung.
3. Now, a strange, perverted fun - logged into the same XP with
admin rights - IE silently dies, nothing in Events Log.
4. Going now to local Macs, will post if there's anything of
interest...
I've got a feeling that it's not just an AIM problem. Aim higher
%^)
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
Powered by blists - more mailing lists