Monday, August 09, 2004

AOL IM 'Away' message flaw deemed critical


Computer security companies are warning users of America Online Inc.'s Instant Messenger (AIM) software that a serious security hole in the product could allow remote attackers to execute malicious code on computers that run the popular instant messaging software.

Source Info World

America Online (AOL) confirmed the existence of the software vulnerability in an AIM feature that allows users to post automatic replies, such as "I'm away" messages, to instant messages (IMs) that they receive. The company is planning to release a test version of the AIM client later this week that will fix the hole, said Andrew Weinstein, an AOL spokesman.

The security hole was discovered by iDefense Inc. of Reston, Virginia, a computer security intelligence company. A flaw in an AIM component called the "goaway" function allows an attacker to cause a buffer overrun on machines running AIM. Attackers could trigger the flaw by feeding a large amount of data to the goaway function, possibly using a URL (uniform resource locator) embedded in an instant message to the user.

About the Author

Robert T DeMarco is CEO of IP Group in Herndon VA. IP Group offers software communication tools for use on the Internet. These include: PowerTools, Watch Right, Always on Time and IM Frame. Mr. DeMarco is the author/editor of several Weblogs and is also a member of the High Tech Crimes Industry Association (HTCIA). Mr. DeMarco has university level and corporate training and teaching experience, spent 20 years on Wall Street, acted as CEO of a small software company, and is currently discovering the world of blogging.
Send me Email

Other Blogs and Resources

Watch Right Internet Crimes Against Children Weblog
Robert T DeMarco


No comments:

Post a Comment