
'Highly critical' flaw in AOL Instant Messenger

By Bill Brenner, News Writer
09 Aug 2004 | SearchSecurity.com


Windows versions of AOL Instant Messenger (AIM) contain a vulnerability attackers could use to compromise computers and launch arbitrary code. Dulles, Va.-based America Online Inc. recommends users upgrade to the latest beta version of AIM released this week.

"This is not a passive issue," said AOL spokesman Andrew Weinstein. "It requires the user to actively click onto a malicious URL supplied in an instant message or embedded in a Web page." Weinstein said the problem was first brought to the company's attention a month ago by Reston, Va.-based security firm iDefense Inc. The flaw was also discovered by another group of researchers and reported to Copenhagen, Denmark-based security firm Secunia.

Secunia issued an advisory calling the problem "highly critical" and said it was caused by a boundary error within the handling of "Away" messages that can be exploited to cause a stack-based buffer overflow.

"A malicious Web site can exploit this via the AIM URI handler by passing an overly long argument to the 'goaway?message' parameter," the advisory said. "Successful exploitation may allow execution of arbitrary code on a user's system when … a malicious Web site is visited with certain browsers." Thomas Kristensen, chief technology officer of Secunia, said the flaw could be exploited by any malicious Web site.
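A defender-side check for the pattern the advisory describes, added here as an example and not taken from the article, AOL, Secunia or iDefense: it scans page content or proxy-log text for aim:goaway URIs whose percent-decoded message argument is unusually long. The 256-character threshold and the sample inputs are constructed assumptions, since the advisory gives no exact length.

```python
import re
from urllib.parse import parse_qs

# Assumed cut-off: the advisory only says "overly long"; 256 characters is a
# constructed threshold for flagging, not a figure from the article.
SUSPICIOUS_LEN = 256

# Matches aim: URIs (with or without //), capturing the action and query string.
AIM_URI_RE = re.compile(r'aim:(?://)?([A-Za-z]+)\?([^\s"\'<>]+)', re.IGNORECASE)


def scan_for_goaway_overflow(text, threshold=SUSPICIOUS_LEN):
    """Return one dict per aim:goaway URI in `text` whose percent-decoded
    'message' argument exceeds `threshold` characters. Other aim: actions
    (e.g. addbuddy) are ignored. `text` may be HTML or a proxy log line."""
    hits = []
    for m in AIM_URI_RE.finditer(text):
        action, query = m.group(1).lower(), m.group(2)
        if action != "goaway":
            continue
        # parse_qs percent-decodes values, so the length measured here is what
        # the URI handler would receive, not the encoded length on the wire.
        params = parse_qs(query, keep_blank_values=True)
        for value in params.get("message", []):
            if len(value) > threshold:
                hits.append({"uri": m.group(0)[:60] + "...",
                             "decoded_len": len(value)})
    return hits


# Constructed samples: a normal away-message link, a non-goaway link, and
# content carrying an oversized message argument (plain and percent-encoded).
BENIGN_HTML = ('<a href="aim:goaway?message=Out%20to%20lunch">away</a> '
               '<a href="aim:addbuddy?screenname=example">add</a>')
OVERSIZED_HTML = '<a href="aim:goaway?message=' + "A" * 600 + '">click</a>'
OVERSIZED_LOG = ('2004-08-09 10:15:01 GET http://example.invalid/page.html '
                 'aim:goaway?message=' + "%41" * 300)

if __name__ == "__main__":
    for sample in (BENIGN_HTML, OVERSIZED_HTML, OVERSIZED_LOG):
        print(scan_for_goaway_overflow(sample))
```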

Kristensen said the vulnerability has been confirmed in version 5.5.3595 and that other versions may also be affected.

Weinstein said the updated beta version of AIM will be available via the AOL Instant Messenger portal at www.aim.com. In the meantime, he said iDefense has developed a workaround that involves removing the following key from the Windows Registry: HKEY_CLASSES_ROOT\aim. He added that the following script can be saved to a file with the .vbs extension and executed to automate the task of removing the relevant URI handler:

    ' Deletes the aim: URI handler key; the trailing backslash tells RegDelete to remove a key rather than a value
    Set WshShell = CreateObject("WScript.Shell")
    WshShell.RegDelete "HKCR\aim\"

Additional information is in iDefense's advisory.
