GEN:SID 1:1752
Message MISC AIM AddExternalApp attempt
Summary This event is generated when exploit traffic is observed that attempts to cause a buffer overflow in a Windows host running America Online (AOL) Instant Messenger (AIM).
Impact Attempted user level access.  A successful attack may permit the execution of arbitrary code with the privileges of the user running AIM.
Detailed Information AIM can be used for message and file exchanges as well as many other applications.  A buffer overflow exists in AIM code that requests external applications (AddExternalAPP) that may permit the execution of arbitrary code on a Windows client AIM host with the privileges of the user running AIM.  
Affected Systems Windows hosts running AIM 4.2 - 4.8.2616.
Attack Scenarios An attacker may craft a malformed AIM add external application request causing a buffer overflow, and potentially permitting the execution of arbitrary code with the privileges of the user running AIM.
Ease of Attack Simple. Exploit code is freely available.
Corrective Action -Workstation:
   Upgrade to version 2001B Beta v5.18 Build #3659 or later.

    or

   Go to Preferences in AIM -> Privacy ->
   In "Who can contact me" check "Allow only users on my Buddy List".

-Network:
   Block AIM traffic into and out of your network.  
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362

Bugtraq:
http://www.securityfocus.com/bid/4677
Rule References url: www.w00w00.org/files/w00aimexp/