GEN:SID 1:1393
Message MISC AIM AddGame attempt
Summary This event is generated when exploit traffic is observed that attempts to cause a buffer overflow in a Windows host running America Online (AOL) Instant Messenger (AIM).
Impact Attempted user level access.  A successful attack may permit the execution of arbitrary code with the privileges of the user running AIM.
Detailed Information AIM can be used for message and file exchanges as well as to play games with other AIM users.  A buffer overflow exists in AIM game request code (AddGame) that may permit the execution of arbitrary code on a Windows client AIM host with the privileges of the user running AIM.  
Affected Systems Windows hosts running AIM 4.3 - 4.8.2616.
Attack Scenarios An attacker may craft a malformed AIM game request causing a buffer overflow, and potentially permitting the execution of arbitrary code with the privileges of the user running AIM.
Ease of Attack Simple. Exploit code is freely available.
Corrective Action -Workstation:
   Upgrade to version 2001B Beta v5.18 Build #3659 or later.

    or

   Go to Preferences in AIM -> Privacy ->
   In "Who can contact me" check "Allow only users on my Buddy List".

-Network:
   Block AIM traffic into and out of your network.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0005

Bugtraq:
http://www.securityfocus.com/bid/3769
Rule References bugtraq: 3769
cve: 2002-0005
url: www.w00w00.org/files/w00aimexp/