Serious Security Hole Discovered in AIM

Researchers at Core Security Technologies have issued an advisory disclosing a vulnerability that could severely impact millions of registered AOL Instant Messenger (AIM) users. By exploiting this vulnerability, an attacker could remotely execute code on a user's computer and exploit Internet Explorer bugs without permission or interaction from the user.

"This vulnerability poses a significant security risk to millions of AIM users." said Iván Arce, CTO at Core Security Technologies. "Core Security has alerted AOL to this threat and has provided full technical details about the vulnerability so that they can address it in their products. Since we notified AOL, this vulnerability has emerged on several public bug-tracking websites. Therefore, we believe it is necessary to bring precise details about this issue to light immediately, so that AIM users and organizations using AIM can be made aware of the threat, assess their risk, and take the appropriate measures to ensure that they are protected."

The security flaw affects AIM 6.1, AIM Lite, AIM Pro and AIM 6.2 Beta. BigBlueBall recommends that you either downgrade to an non-vulnerable version (AIM 5.9) or upgrade to the latest beta (AIM 6.5). As an alternative, you can also use the web-based AIM Express, or a third-party web client such as Meebo.