Security threat to AOL, Yahoo and Trillian IM applications

Vulnerability researchers say attackers could exploit flaws in AOL Instant Messenger, Trillian and Yahoo Messenger to run malicious code or cause a denial of service.

Vulnerability researchers are warning instant messaging users to beware of flaws in AOL Instant Messenger (AIM), Trillian and Yahoo Messenger attackers could exploit to run malicious code on targeted machines or cause a denial of service.

Nate Mcfeters, Billy Rios and Raghav Dube have released a cross application scripting and uniform resource identifier (URI) Uniform Resource Identifier exploitation demonstration affecting AIM and Trillian. The researchers said the flaws surface when specially crafted URIs using the registered URI 'aim:' protocol are processed by the application's 'aim.dll' library when a malicious URI is accessed in a Web browser and passed to the application.

IM security:
IT pros look for ways to lock down IM: To control growing IM threats, administrators are trying to limit which programs can be used or ban the technology altogether. But that's not always possible.

IM threats grow, response lags: Reports from IMlogic and Akonix show that IM threats are growing while IT shops are behind in their preparedness. In fact, many firms are still totally unaware of just how much danger actually exists.

How to block IM applications in the enterprise: In this tip, security guru Mike Chapple discusses how IM threatens the network and provides strategies you can use to keep your network free of IM traffic.

Companies take IM threats seriously: Wesabe is a brand new money management community, whose members share tips on everything from saving on organic produce to knocking down credit card debts.

Danish vulnerability clearinghouse Secunia tested the research and described two flaws in its Trillian "aim://" URI Handler SA26086 advisory:

Secunia said that the aim:// URI handler does not verify certain parts of the "aim://" URI before writing it into a file specified via the unverified "ini=" parameter, Secunia explained, adding, "This can be exploited to write a batch file into the Windows 'Start-up' folder that starts an attacker-defined application by tricking a user into following a specially crafted 'aim://' URI."

A boundary error also exists within the processing of "aim://" URIs attackers could exploit to cause a buffer overflow by tricking a user into following a specially crafted "aim://" URI.

Secunia confirmed these flaws could ultimately be used to run malicious code on targeted computers.

Meanwhile, researcher Rajesh Sethumadhavan has released advisory XD100002 regarding a vulnerability attackers could exploit in Yahoo Messenger to launch malicious code or cause a denial of service.

The application fails to perform adequate boundary checks on user-supplied data, he said. Specifically, the problem is in the "email address" text box of the address book.

Cupertino, Calif.-based Symantec Corp. offered customers of its DeepSight threat management service a list of steps they can take to minimize the threat. They include running all software as a nonprivileged user with minimal access rights, deploying intrusion detection systems to monitor network traffic for malicious activity; not accepting or executing files from untrusted sources; and implementing multiple redundant layers of security.

Read more on IT risk management