TechTarget

AOL Messenger hole could run code

A new security vulnerability in America Online 's Instant Messenger (AIM) program could allow an attacker to run a program on a...

A new security vulnerability in America Online 's Instant Messenger (AIM) program could allow an attacker to run a program on a user's computer.

AOL has fixed the vulnerability on its servers, however, so users need take no action, said Andrew Weinstein, a spokesman for AOL.

The vulnerability came about as the result of a buffer overflow in the "add external application" component in AIM which allows users to share programs, said Weinstein.

AOL was notified of the bug about 10 days ago and fixed the flaw soon after by making changes to its servers, Weinstein said. The company has had no reports of users being affected by the vulnerability, he said.

In early January the company was alerted to a similar vulnerability in AIM by the security group w00w00. That vulnerability, which is "reasonably similar" to this issue, according to Weinstein, allowed a malicious user to send attack code via AIM's shared game feature. AOL also fixed that problem on its servers.

Despite the similarity in the two vulnerabilities, Weinstein downplayed the idea that there are more far-reaching issues in AIM.

"There is a very limited range of potential similar areas of vulnerability," he said.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close