Article

'Highly critical' flaw in AOL Instant Messenger

Bill Brenner

Windows versions of AOL Instant Messenger (AIM) contain a vulnerability attackers could use to compromise computers and launch arbitrary code. Dulles, Va.-based America Online Inc. recommends users upgrade to the latest beta version of AIM released this week.

"This is not a passive issue," said AOL spokesman Andrew Weinstein. "It requires the user to actively click onto a malicious URL supplied in an instant message or embedded in a Web page." Weinstein said the problem was first brought to the company's attention a month ago by Reston, Va.-based security firm iDefense Inc. The flaw was also discovered by another group of researchers and reported to Copenhagen, Denmark-based security firm Secunia.

Secunia issued an

    Requires Free Membership to View

advisory calling the problem "highly critical" and said it was caused by a boundary error within the handling of "Away" messages that can be exploited to cause a stack-based buffer overflow.

"A malicious Web site can exploit this via the AIM URI handler by passing an overly long argument to the 'goaway?message' parameter," the advisory said. "Successful exploitation may allow execution of arbitrary code on a user's system when … a malicious Web site is visited with certain browsers." Thomas Kristensen, chief technology officer of Secunia, said the flaw could be exploited by any malicious Web site.

Kristensen said the vulnerability has been confirmed in version 5.5.3595 and that other versions may also be affected.

Weinstein said the updated beta version of AIM will be available via the AOL Instant Messenger portal at www.aim.com. In the meantime, he said iDefense has developed a workaround that involves removing the following key from the Windows Registry: HKEY_CLASSES_ROOTaim. He added that the following script can be saved to a file with the .vbs extension and executed to automate the task of removing the relevant URI handler: Set WshShell = CreateObject("WScript.Shell") WshShell.RegDelete "HKCRaim"

Additional information is in iDefense's advisory.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: