
[ http://www.rootshell.com/ ]

From no@mcs.net Mon Jun  1 08:58:05 1998
Date: Mon, 01 Jun 1998 10:45:45 -0500
From: Invisi <no@mcs.net>
To: info@rootshell.com
Subject: AOL for Windows DoS/Exploit

Well.. I thought this was something that some of you might get a kick out
of... as well as informative.  I also havent seen this on any other sites. 
here's the stuff...

Tested on: AOL3.0 16-bit Windows, AOL3.0 32-bit Windows, AOL4.0 Windows

Problem:

AOL's Instant message's uses HTML.  This enables there customers to change
font sizes, colors, backgrounds, to suite there tastes.  Well here is where
the bug comes into play.  All you simply have to do is send someone who is
useing a AOL version, that uses the <font> tagg, a instant message of

<font =
9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999>

A AOL instant message has to be below a certain character size that can fit
in one message.  This goes beyond the valid size, as well as being a invalid
parameter for <font>.  It will cause your AOL software to freak out, and a
GPF will occur.  If your able to stick more 9's in there, then please do.

Fix: 

Convert back to a older version of AOL for Windows, like 2.5 or before.  Or,
simply reject any Instant Messages by useing the $IM_OFF command.  Since
Instant Messages are a big part of AOL, most people keep there Instant
Messages turned on.

- Invisible
