CVE-2000-1093
published 2001-01-09CVE-2000-1093: Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.
PriorityP335high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
8.06%
94.1th percentile
Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
| aol | instant_messenger | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow
exploitdb·2000-12-12
CVE-2000-1093 AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow
AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/2118/info
AOL Instant Messenger (AIM) is a real time messaging service for users that are on line. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// urls to the AIM client. There exists a buffer overflow in parsing aim:// URL parameters.
This vulnerability exists in versions of AOL Instant previous to Messenger 4.3.2229. By sending a specially crafted URL ,using the 'aim:' protocol, comprised of 'goim' and 'screenname' parameters, it is possible for a remote user to overflow the buffer during a memory copy operation and execute arbitarary code.
It should be noted that the victim nee
Exploit-DB
Symantec pcAnywhere 9.0 - Weak Encryption
exploitdb·2000-04-06
CVE-2000-0300 Symantec pcAnywhere 9.0 - Weak Encryption
Symantec pcAnywhere 9.0 - Weak Encryption
---
// source: https://www.securityfocus.com/bid/1093/info
Symantec pcAnywhere is shipped by default with a weak encryption scheme that is used to encrypt username and password transmittal. Therefore, usernames and password can be retrieved by anyone sniffing the network in between the host computer running pcAnywhere and the NT domain controller.
Users of pcAnywhere can be authenticated with their NT domain username and password. In this case, the weakly encrypted transmitted authentication would be transmitted domain wide.
#include
#include
void main() {
char password[128];
char cleartext[128];
int i;
// input the sniffed hex values here
// Encrypted example of the 'aaaaa' password
password[0]=0xca;
password[1]=0xab;
password[2]=0xcb;
pas
No writeups or analysis indexed.
2001-01-09
Published