News

AOL Messenger hole could run code

A new security vulnerability in America Online 's Instant Messenger (AIM) program could allow an attacker to run a program on a user's computer.

AOL has fixed the vulnerability on its servers, however, so users need take no action, said Andrew Weinstein, a spokesman for AOL.

The vulnerability came about as the result of a buffer overflow in the "add external application" component in AIM which allows users to share programs, said Weinstein.

AOL was notified of the bug about 10 days ago and fixed the flaw soon after by making changes to its servers, Weinstein said. The company has had no reports of users being affected by the vulnerability, he said.

In early January the company was alerted to a similar vulnerability in AIM by the security group w00w00. That vulnerability, which is "reasonably similar" to this issue, according to Weinstein, allowed a malicious user to send attack code via AIM's shared game feature. AOL also fixed that problem on its servers.

Despite the similarity in the two vulnerabilities, Weinstein downplayed the idea that there are more far-reaching issues in AIM.

"There is a very limited range of potential similar areas of vulnerability," he said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy