When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Highly critical exploit found in AOL Instant Messenger

Ryan McGeehan of TheBillyGoatCurse.com has reported a vulnerability in AOL Instant Messenger (AIM), which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of "Away" messages and can be exploited to cause a stack-based buffer overflow by supplying an overly long "Away" message (about 1024 bytes). A malicious website can exploit this via the "aim:" URI handler by passing an overly long argument to the "goaway?message" parameter.

Successful exploitation may allow execution of arbitrary code on a user's system when e.g. a malicious website is visited with certain browsers.

The vulnerability has been confirmed in version 5.5.3595. Other versions may also be affected.

Various other issues were also reported, where a large amount of resources can be consumed on a user's system.

AOL was contacted but has not responded.

News source: Secunia

Report a problem with article
Next Article

TiVo tries rebate to lure subscribers

Previous Article

DC++ 0.4032

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment