Vulnerability Details CVE-2002-0785
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
- http://www.iss.net/security_center/static/9058.php
- http://www.kb.cert.org/vuls/id/259435
- http://www.osvdb.org/5109
- http://www.securityfocus.com/bid/4709
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
- http://www.iss.net/security_center/static/9058.php
- http://www.kb.cert.org/vuls/id/259435
- http://www.osvdb.org/5109
- http://www.securityfocus.com/bid/4709
Products affected by CVE-2002-0785
-
cpe:2.3:a:aol:instant_messenger:4.0
-
cpe:2.3:a:aol:instant_messenger:4.1
-
cpe:2.3:a:aol:instant_messenger:4.1.2010
-
cpe:2.3:a:aol:instant_messenger:4.2
-
cpe:2.3:a:aol:instant_messenger:4.2.1193
-
cpe:2.3:a:aol:instant_messenger:4.3
-
cpe:2.3:a:aol:instant_messenger:4.3.2229
-
cpe:2.3:a:aol:instant_messenger:4.4
-
cpe:2.3:a:aol:instant_messenger:4.5
-
cpe:2.3:a:aol:instant_messenger:4.6
-
cpe:2.3:a:aol:instant_messenger:4.7
-
cpe:2.3:a:aol:instant_messenger:4.7.2480
-
cpe:2.3:a:aol:instant_messenger:4.8.2616
-
cpe:2.3:a:aol:instant_messenger:4.8.2646