Friday, August 13, 2004

AIM Beta Fixes Security Hole

AIM Beta Fixes Security Hole:
"America Online Inc. has released a beta version of AOL Instant Messenger that fixes a critical security hole that could open users to remote attack.

As previously reported, AOL had promised to fix the vulnerability in an upgraded version of AIM. On Tuesday, it made a test version of AIM 5.9 available for download.

http://www.eweek.com/article2/0,,1634224,00.asp?kc=ewnws081104dtx1k0000599"

Security researchers had found that AIM 5.5 for Windows, and possibly earlier versions, was vulnerable to an attacker executing arbitrary code.

An attacker could initiate a buffer overflow through AIM's "Away" feature if a user were to click on a malicious link sent in an instant message. The "Away" features allows AIM users to send automatic messages about their presence status.

AOL spokesman Andrew Weinstein said the Dulles, Va., company knew of no active exploits of the vulnerability. Security research company iDEFENSE Inc., which put out an advisory this week, had informed AOL of the issue about a month ago, giving AOL an opportunity to plug the hole, Weinstein said.

The fix also will be incorporated into the full release of AIM 5.9, which a spokeswoman said is expected in early fall.

http://www.eweek.com/article2/0,,1634224,00.asp?kc=ewnws081104dtx1k0000599
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)