Highly critical exploit found in AOL Instant Messenger

Ryan McGeehan of TheBillyGoatCurse.com has reported a vulnerability in AOL Instant Messenger (AIM), which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of "Away" messages and can be exploited to cause a stack-based buffer overflow by supplying an overly long "Away" message (about 1024 bytes). A malicious website can exploit this via the "aim:" URI handler by passing an overly long argument to the "goaway?message" parameter.

Successful exploitation may allow execution of arbitrary code on a user's system when e.g. a malicious website is visited with certain browsers.

The vulnerability has been confirmed in version 5.5.3595. Other versions may also be affected.

Various other issues were also reported, where a large amount of resources can be consumed on a user's system.

AOL was contacted but has not responded.

News source: Secunia

Report a problem with article
Previous Story

DC++ 0.4032

Next Story

TiVo tries rebate to lure subscribers

0 Comments - Add comment