AOL AIM SIPFoundry sipXtapi RTCP Processing Heap Overflow Vulnerability

CVE ID

Affected Vendors

America Online

Affected Products

AIM

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AOL AIM. Successful exploitation requires the victim to accept a Video Messaging session with the attacker.

The specific flaw exists in the SIP protocol implementation library, sipXtapi.dll. If a malformed RTCP sender report packet is sent, a memory corruption occurs due to a signedness error allowing the execution of arbitrary code.

Vendor Response

Fixed in AIM 6.8 client, version 6.8.7.7.

Disclosure Timeline

2007-12-11 - Vulnerability reported to vendor
2008-06-10 - Coordinated public release of advisory

Credit

wushi of team509

Published Advisories

ZDI-10-014: Microsoft

• published 2010-01-21

ZDI-10-013: Microsoft

• published 2010-01-21

ZDI-10-012: Microsoft

• published 2010-01-21

ZDI-10-011: Microsoft

• published 2010-01-21

ZDI-10-010: RealNetworks

• published 2010-01-21

Upcoming Advisories

Hewlett-Packard

• reported 2010-02-02, 6 days ago

Hewlett-Packard

• reported 2010-02-02, 6 days ago

Hewlett-Packard

• reported 2010-02-02, 6 days ago

Hewlett-Packard

• reported 2010-02-02, 6 days ago

RealNetworks

• reported 2010-02-02, 6 days ago

Recent Press

Microsoft, Google split over browser bug bounty

• published 2010-02-09, CNet News

Zero-day vulnerabilities on the market

• published 2010-02-08, Help Net Security

Barriers Remain for Bug Bounty Bait

• published 2010-02-05, ZDNet Asia

Google to pay bounties for Chrome browser bugs

• published 2010-01-29, Computer World

Google Attack Highlights 'Zero-Day' Black Market

• published 2010-01-28, The NY Times