Vulnerability Description
Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aol | Instant Messenger | 4.4 |
References
- http://online.securityfocus.com/archive/1/288980
- http://www.iss.net/security_center/static/9950.php
- http://www.securityfocus.com/bid/5492Exploit
- http://online.securityfocus.com/archive/1/288980
- http://www.iss.net/security_center/static/9950.php
- http://www.securityfocus.com/bid/5492Exploit
FAQ
What is CVE-2002-1953?
CVE-2002-1953 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name paramete...
How severe is CVE-2002-1953?
CVE-2002-1953 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1953?
Check the references section above for vendor advisories and patch information. Affected products include: Aol Instant Messenger.