>> Gaim Away Message Heap Overflow and Denial of Service Issues
Title : Gaim Away Message Heap Overflow and Denial of Service Issues VUPEN ID : VUPEN/ADV-2005-1369 CVE ID : CVE-2005-2102 - CVE-2005-2103 CWE ID : CWE-
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-08-10
Technical Description
Two vulnerabilities were identified in Gaim, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service.
This first issue is due to a heap overflow error in the way Gaim processes away messages, which may be exploited by attackers to execute arbitrary commands by sending a specially crafted away message to a Gaim user logged into AIM or ICQ.
The second flaw is due to an error when sending a file with a non-utf8 filename to a user logged into AIM or ICQ, which could be exploited by attackers to cause a denial of service.
