AOL has fixed the vulnerability on its servers, however, so users need take no action, said Andrew Weinstein, a spokesman for AOL.
The vulnerability came about as the result of a buffer overflow in the "add external application" component in AIM which allows users to share programs, said Weinstein.
AOL was notified of the bug about 10 days ago and fixed the flaw soon after by making changes to its servers, Weinstein said. The company has had no reports of users being affected by the vulnerability, he said.
In early January the company was alerted to a similar vulnerability in AIM by the security group w00w00. That vulnerability, which is "reasonably similar" to this issue, according to Weinstein, allowed a malicious user to send attack code via AIM's shared game feature. AOL also fixed that problem on its servers.
Despite the similarity in the two vulnerabilities, Weinstein downplayed the idea that there are more far-reaching issues in AIM.
"There is a very limited range of potential similar areas of vulnerability," he said.