Critical Bug Found in AOL's AIM

edited August 2004 in Science & Tech
A buffer overflow flaw in America Online's flagship AIM instant messaging platform could put millions of users at risk of computer takeover, security researchers warned on Monday.
The vulnerability, first discovered by iDefense, could allow a malicious hacker to use the "Away Message" feature to take control of a user's machine. Secunia rates the flaw as "highly critical." AOL spokesman Andrew Weinstein confirmed the bug could be exploited on AIM versions 5.5 and lower. The company plans to release an update later this week to correct the issue.
"The vulnerability specifically exists due to insufficient bounds checking on user-supplied values passed to the 'goaway' function of the AOL Instant Messenger 'aim:' URI handler. A long message buffer will overwrite values stored on the stack and may be used to overwrite a Structured Exception Handler (SEH) pointer," iDefense said in an alert.
Source: InternetNews

Comments

  • EMT Seattle, WA Icrontian
    edited August 2004
    He made it clear that an exploit could only be successful if a user actively clicks on a URL in an instant message conversation.

    Whew, I was worried I'd have to upgrade from 4.7
  • Thrax 🐌 Austin, TX Icrontian
    edited August 2004
    Oh, I thought this was an article about AIM users.