AOL Instant Messenger DLL Hijacking

AOL Instant Messenger DLL Hijacking: Posted Nov 27, 2010; Authored by APA IUTCERT; AOL Instant Messenger suffers from an insecure library loading vulnerability.; tags | advisory; SHA-256 | 4132874c3873800f60d1593e62509b208f4d705957970990f14f953540db03a6; Download | Favorite | View

AOL Instant Messenger DLL Hijacking

A vulnerability has been discovered in AOL Instant Messenger, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner.
Libraries list called is as follows:
•  dwmapi.dll
This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a AIM or BLT  files located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in AOL Instant Messenger version 7.5.4.11 for Microsoft Windows XP Service Pack 3. Other versions may also be affected.

Top Authors In Last 30 Days

Red Hat 312 files
Ubuntu 65 files
Debian 25 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 8 files
Milad Karimi 6 files
Google Security Research 5 files
Erdemstar 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,477)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,700)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,478)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

AOL Instant Messenger DLL Hijacking

AOL Instant Messenger DLL Hijacking

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

AOL Instant Messenger DLL Hijacking

Share This

AOL Instant Messenger DLL Hijacking

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems