AOL Messenger hole could run code

A new security vulnerability in America Online 's Instant Messenger (AIM) program could allow an attacker to run a program on a...

A new security vulnerability in America Online 's Instant Messenger (AIM) program could allow an attacker to run a program on a user's computer.

AOL has fixed the vulnerability on its servers, however, so users need take no action, said Andrew Weinstein, a spokesman for AOL.

The vulnerability came about as the result of a buffer overflow in the "add external application" component in AIM which allows users to share programs, said Weinstein.

AOL was notified of the bug about 10 days ago and fixed the flaw soon after by making changes to its servers, Weinstein said. The company has had no reports of users being affected by the vulnerability, he said.

In early January the company was alerted to a similar vulnerability in AIM by the security group w00w00. That vulnerability, which is "reasonably similar" to this issue, according to Weinstein, allowed a malicious user to send attack code via AIM's shared game feature. AOL also fixed that problem on its servers.

Despite the similarity in the two vulnerabilities, Weinstein downplayed the idea that there are more far-reaching issues in AIM.

"There is a very limited range of potential similar areas of vulnerability," he said.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Operating systems software

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close