Vulnerability researchers are warning instant messaging
users to beware of flaws in AOL Instant Messenger (AIM), Trillian
and Yahoo Messenger attackers could exploit to run
malicious code on targeted machines or cause a denial of
service.
Nate Mcfeters, Billy Rios and Raghav Dube have released a
cross application scripting and uniform resource
identifier (URI) Uniform Resource Identifier exploitation
demonstration affecting AIM and Trillian. The researchers
said the flaws surface when specially crafted URIs using the
registered URI 'aim:' protocol are processed by the
application's 'aim.dll' library when a malicious URI is accessed
in a Web browser and passed to the application.
 |
| IM security: | IT pros look for ways to lock down IM: To
control growing IM threats, administrators are trying to limit
which programs can be used or ban the technology altogether. But
that's not always possible.
IM threats grow, response lags: Reports from
IMlogic and Akonix show that IM threats are growing while IT
shops are behind in their preparedness. In fact, many firms are
still totally unaware of just how much danger actually
exists.
How to block IM applications in the
enterprise: In this tip, security guru Mike Chapple
discusses how IM threatens the network and provides strategies
you can use to keep your network free of IM traffic.
Companies take IM threats seriously: Wesabe
is a brand new money management community, whose members share
tips on everything from saving on organic produce to knocking
down credit card
debts. |
|
| |
|
Danish vulnerability clearinghouse Secunia tested the research
and described two flaws in its
Trillian "aim://" URI Handler SA26086
advisory:
Secunia said that the aim:// URI handler does not verify certain
parts of the "aim://" URI before writing it into a file specified
via the unverified "ini=" parameter, Secunia explained, adding,
"This can be exploited to write a batch file into the Windows
'Start-up' folder that starts an attacker-defined application by
tricking a user into following a specially crafted 'aim://'
URI."
A boundary error also exists within the processing of "aim://"
URIs attackers could exploit to cause a buffer overflow by tricking
a user into following a specially crafted "aim://" URI.
Secunia confirmed these flaws could ultimately be used to run
malicious code on targeted computers.
Meanwhile, researcher Rajesh Sethumadhavan has released
advisory XD100002 regarding a vulnerability
attackers could exploit in Yahoo Messenger to launch malicious
code or cause a denial of service.
The application fails to perform adequate boundary checks on
user-supplied data, he said. Specifically, the problem is in the
"email address" text box of the address book.
Cupertino, Calif.-based Symantec Corp. offered customers of its
DeepSight threat management service a list of steps they can take
to minimize the threat. They include running all software as a
nonprivileged user with minimal access rights, deploying intrusion
detection systems to monitor network traffic for malicious
activity; not accepting or executing files from untrusted sources;
and implementing multiple redundant layers of security.