Home > Security News > 'Highly critical' flaw in AOL Instant Messenger
Security News:
EMAIL THIS LICENSING & REPRINTS

'Highly critical' flaw in AOL Instant Messenger

By Bill Brenner, News Writer
09 Aug 2004 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Windows versions of AOL Instant Messenger (AIM) contain a vulnerability attackers could use to compromise computers and launch arbitrary code. Dulles, Va.-based America Online Inc. recommends users upgrade to the latest beta version of AIM released this week.

"This is not a passive issue," said AOL spokesman Andrew Weinstein. "It requires the user to actively click onto a malicious URL supplied in an instant message or embedded in a Web page." Weinstein said the problem was first brought to the company's attention a month ago by Reston, Va.-based security firm iDefense Inc. The flaw was also discovered by another group of researchers and reported to Copenhagen, Denmark-based security firm Secunia.

Secunia issued an advisory calling the problem "highly critical" and said it was caused by a boundary error within the handling of "Away" messages that can be exploited to cause a stack-based buffer overflow.

"A malicious Web site can exploit this via the AIM URI handler by passing an overly long argument to the 'goaway?message' parameter," the advisory said. "Successful exploitation may allow execution of arbitrary code on a user's system when … a malicious Web site is visited with certain browsers." Thomas Kristensen, chief technology officer of Secunia, said the flaw could be exploited by any malicious Web site.

Kristensen said the vulnerability has been confirmed in version 5.5.3595 and that other versions may also be affected.

Weinstein said the updated beta version of AIM will be available via the AOL Instant Messenger portal at www.aim.com. In the meantime, he said iDefense has developed a workaround that involves removing the following key from the Windows Registry: HKEY_CLASSES_ROOTaim. He added that the following script can be saved to a file with the .vbs extension and executed to automate the task of removing the relevant URI handler: Set WshShell = CreateObject("WScript.Shell") WshShell.RegDelete "HKCRaim"

Additional information is in iDefense's advisory.

Tags: Secure IMVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts