Home > News

ADVERTISEMENT

News

[PSUs]

Monday 9th August 2004

Flaw found in AOL's Instant Messenger 3:26PM, Monday 9th August 2004

A highly critical vulnerability has been discovered in AOL's Instant Messenger.

Secunia reports that the flaw, discovered by Ryan McGeehan, may allow execution of arbitrary code on a user's system when, for example, a malicious website is visited with certain browsers.

'The vulnerability is caused due to a boundary error within the handling of "Away" messages and can be exploited to cause a stack-based buffer overflow by supplying an overly long "Away" message (about 1,024 bytes). A malicious website can exploit this via the "aim:" URL handler by passing an overly long argument to the "goaway?message" parameter.'

The vulnerability has been confirmed in version 5.5.3595 but other versions may also be affected.

Secunia adds that various other issues were also reported, where a large amount of resources can be consumed on a user's system. AOL was contacted but has not responded.

Simon Aughton

Submit to: Digg | Slashdot | Del.icio.us | Technorati

Related News

AOL Offers

NUANCE Dragon NaturallySpeaking Preferred - ( v.

Upgrade from Dragon NaturallySpeaking Preferred Versions 8 or 9. Up to 99% accuracy - correct any recognition errors and the software updates your profile to enable better recognition accuracy. ...

pc world business

NUANCE Dragon NaturallySpeaking Preferred - ( v.

Create documents, reports and emails three times faster than most people type. Up to 99% accuracy - correct any recognition errors and the software updates your profile to enable better recogniti...

micro warehouse

Compare Broadband

Broadband?

Compare 50+ packages

Enter your postcode below:

Powered by:

Top 10 Broadband

Bookstore Top 5

Managing Successful Projects With Prince 2 2nd Edition
� 65.00

Windows Vista For Dummies
� 8.99

Laptops For Dummies
� 8.99

Brilliant Office 2007
� 10.49

Rough Guide to iPods, iTunes and Music Online 5th Edition
� 4.89

Latest News

› See more News

Hot Topics

Service and Reliability
PC Pro award winners 2008
PC Pro exclusive
Asus ships software cracker on recovery DVD
Listen now
What's on this week's PC Pro podcast?
Sign up today!
Join PC Pro on Facebook

› See more Hot topics

Columns

Prolog:

Tim Danton puts his safety at risk by standing between the internet bullies and Microsoft. › See full Opinion

› See more Columns

Research Papers

› See more Research Papers

Privacy Statement | Privacy Policy | Company Website | Contact Us | Media Information

© Copyright Dennis Publishing Limited licensed by Felden

Our Other Websites: Auto Express | Computer Buyer | Computer Shopper | Custom PC
Den of Geek | Den of Wii | Evo | Fortean Times | IT Pro | Know Your Mobile
London is Free | MacUser | Men's Fitness | Micro Mart | Mobile Computer
Octane | PC Pro | The First Post | iGizmo | Know your DSLR