AOL Instant Mayhem

iDefense today announced a vulnerability in AOL Instant Messenger. It seems there is a buffer overflow in the Away Message feature which, at best, will cause a denial-of-service condition and, at worst, will allow an attacker to run code of their choice.

Because AIM hooks the browser so that aim:// links are handled much like http:// links, this is exploitable both through links you might follow and by remote websites.

When an I.T. department loses control of its computers, often the first sign is personal-use IM clients showing up. Many companies don't have the fortitude to fight that battle. Now, as a result, there is the potential for a network worm exploiting this vulnerability.
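Because the aim:// handler makes this reachable from ordinary web content, one defensive check is to scan fetched HTML (at a proxy, for example) for aim: URIs that carry unusually long parameters. The sketch below is an added example, not code from iDefense, AOL or this blog; the `example` action, the `text` parameter, the 256-character threshold and the sample HTML are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Assumption: the page gives no length, so this threshold is illustrative only.
MAX_PARAM_LEN = 256
URL_ATTRS = {"href", "src", "data"}
CLICK_TAGS = {"a", "area"}  # tags whose URL is only followed on a user click

# Constructed sample page; the "example" action and "text" parameter are hypothetical.
SAMPLE_HTML = (
    '<a href="aim:example?text=hello">chat</a>'
    '<iframe src="aim:example?text=' + "A" * 1024 + '"></iframe>'
    '<meta http-equiv="refresh" content="0; url=aim:example?text=hi%20there">'
)

class AimLinkFinder(HTMLParser):
    """Collect attribute values that use the aim: URI scheme."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            candidate = (value or "").strip()
            # A meta refresh navigates to its url= target without any click.
            if tag == "meta" and name == "content" and "url=" in candidate.lower():
                candidate = candidate[candidate.lower().index("url=") + 4:].strip()
            elif name not in URL_ATTRS:
                continue
            if candidate.lower().startswith("aim:"):
                self.links.append((tag, candidate))

def longest_param(uri):
    """Length of the longest decoded parameter name or value in the URI."""
    pairs = parse_qsl(uri.partition("?")[2], keep_blank_values=True)
    return max((len(part) for pair in pairs for part in pair), default=0)

def scan_html(html):
    """Return one finding per aim: URI; auto_load marks URIs that need no click."""
    finder = AimLinkFinder()
    finder.feed(html)
    finder.close()
    return [{"tag": tag, "longest_param": longest_param(uri),
             "auto_load": tag not in CLICK_TAGS,
             "suspicious": longest_param(uri) > MAX_PARAM_LEN}
            for tag, uri in finder.links]

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
```

The `auto_load` flag separates the two delivery paths the post mentions: a link the user has to follow versus content a remote website loads on its own.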

About this Entry

This page contains a single entry by Roger published on August 9, 2004 4:46 PM.
