AOL Instant Mayhem

iDefense announced today a vulnerability in AOL Instant Messenger. It seems there is a buffer overflow in the Away Message feature that at best will cause a denial-of-service condition and at worst will allow an attacker to run code of their choice.
Since AIM hooks the browser, allowing the user to use aim:// commands like http:// commands, this is exploitable through links you might follow and by remote websites.
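One way a defender could look for such links in web content, as an added example that is not part of the original post or the iDefense advisory: the Python below lists every aim: URI in an HTML page and marks those carrying unusually long values. The 256-character threshold and the command and parameter names in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

MAX_PARAM_LEN = 256  # assumed review threshold, not a figure from the advisory
URL_ATTRS = {"href", "src", "action", "data"}  # attributes that can carry a URI

class AimLinkFinder(HTMLParser):
    """Collect every aim: URI found in a URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                uri = value.strip()
                if urlsplit(uri).scheme == "aim":  # scheme is lower-cased
                    self.found.append((tag, uri))

def audit_html(html, max_len=MAX_PARAM_LEN):
    """Return one finding per aim: link; 'oversized' marks long values."""
    finder = AimLinkFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for tag, uri in finder.found:
        parts = urlsplit(uri)
        # Links occur as aim:command?args and as aim://command?args.
        command = parts.netloc or parts.path
        values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        longest = max([len(command)] + [len(v) for v in values])
        findings.append({"tag": tag, "command": command,
                         "longest": longest, "oversized": longest > max_len})
    return findings

# Constructed sample page: command and parameter names are made up.
SAMPLE = (
    '<a href="http://example.com/">home</a>'
    '<a href="aim:cmd?name=alice&amp;text=hi">chat</a>'
    '<iframe src="AIM://cmd?text=' + "A" * 2000 + '"></iframe>'
)

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

The same function can be pointed at pages saved by a web proxy or mail gateway; a finding with `oversized` set is a candidate for review, not proof of an exploit attempt.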
When an I.T. department loses control of its computers, often the first sign is personal-use IM clients showing up. Many companies don’t have the fortitude to fight that battle. Now, as a result, there is the potential for a network worm exploiting this vulnerability.