Jeff Hester
August 10, 2004
InfoWorld is reporting that security companies have found a serious security hole in AOL Instant Messenger that could allow remote attackers to execute malicious code on computers running AIM.
AOL has confirmed the vulnerability in its "Away Message" functionality. A flaw in an AIM component called the "goaway" function allows an attacker to cause a buffer overrun on machines running AIM. Attackers could trigger the flaw by feeding a large amount of data to the goaway function, possibly using a URL embedded in an instant message to the user.
All known versions of AIM for Windows are affected. If successfully exploited, the AIM away message vulnerability would allow remote attackers to run code with the privileges of the user who launched the AIM application, according to iDEFENSE, the computer security firm that first reported the vulnerability.