
AOL IM Users Warned Of Security Risk


Security research group w00w00 reports a serious security flaw in version 4.7.2480 and beta version 4.8.2616.



Security research group w00w00 is warning users of AOL Instant Messenger (AIM) about a serious security flaw. Version 4.7.2480 and beta version 4.8.2616 will allow remote attackers to gain access, according to the alert published Wednesday afternoon.

According to w00w00, the vulnerability arises from the way AIM handles a request to play a game. The attacker sends a malformed request to the target user, which causes a buffer overflow that enables the attacker to execute arbitrary code. W00w00 is warning that unless the vulnerability is fixed, it's quite possible all 100 million AIM users could be the target of a Code Red or Nimda-like worm that takes advantage of the application's weakness.

"An exploit could easily be amended to download itself off the Web, determine the buddies of the victim, and then attack them also. Given the general nature of social networks and how they are structured, we predict that it wouldn't take long for such an attack to propagate," w00w00 wrote in its advisory.

The group recommends that users go into their AIM preferences and in the Privacy section select the "Allow Only Users on My Buddy List" option under "Who can contact me."

Security firm Vigilinx Inc. is warning that the vulnerability could cause "heavy damage." The firm recommends that AIM users turn the software off until AOL provides a fix. Businesses are encouraged not to run AIM on their systems and to remove any previously installed versions.

AOL was not available for comment.

