| CVE ID | |
| CVSS SCORE | |
| AFFECTED VENDORS |
America Online |
| AFFECTED PRODUCTS |
AIM |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AOL AIM. Successful exploitation requires the victim to accept a Video Messaging session with the attacker. The specific flaw exists in the SIP protocol implementation library, sipXtapi.dll. If a malformed RTCP sender report packet is sent, a memory corruption occurs due to a signedness error allowing the execution of arbitrary code. |
| ADDITIONAL DETAILS |
Fixed in AIM 6.8 client, version 6.8.7.7. |
| DISCLOSURE TIMELINE |
|
| CREDIT | wushi of team509 |
