Quantcast
Subscribe to magazine

Security Flaw Found in AOL Instant Messenger

AOL has already fixed vulnerability that could have allowed attackers to run code on user's PC.

Sam Costello, IDG News Service

  • 0 Yes
  • 0 No

A new security vulnerability in America Online's Instant Messenger program could allow an attacker to run a program on a user's computer.

AOL has fixed the vulnerability on its servers, however, so users need take no action to be protected, says Andrew Weinstein, a spokesperson for AOL.

The vulnerability came about as the result of a buffer overflow in the "add external application" component in AIM which allows users to share programs, says Weinstein.

AOL was notified of the bug about 10 days ago and fixed the flaw soon thereafter by making changes to its servers, Weinstein says. The company has had no reports of users being affected by the vulnerability, he says.

Similar Story

In early January the company was alerted to a similar vulnerability in AIM by the security group w00w00. That vulnerability, which is "reasonably similar" to Monday's issue, according to Weinstein, allowed a malicious user to send attack code via AIM's shared game feature. AOL also fixed that problem on its servers.

Despite the similarity in the two vulnerabilities, Weinstein downplays the idea that there are more far-reaching issues in AIM.

"There is a very limited range of potential similar areas of vulnerability," he says.

  • Recommend this story?
  • 0 Yes
    0 No
 

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...

Sponsored Links