Source Info World
America Online (AOL) confirmed the existence of the software vulnerability in an AIM feature that allows users to post automatic replies, such as “I’m away” messages, to instant messages (IMs) that they receive. The company is planning to release a test version of the AIM client later this week that will fix the hole, said Andrew Weinstein, an AOL spokesman.
The security hole was discovered by iDefense Inc. of Reston, Virginia, a computer security intelligence company. A flaw in an AIM component called the “goaway” function allows an attacker to cause a buffer overrun on machines running AIM. Attackers could trigger the flaw by feeding a large amount of data to the goaway function, possibly using a URL (uniform resource locator) embedded in an instant message to the user.
About the Author
Robert T DeMarco is CEO of IP Group in Herndon VA. IP Group offers software communication tools for use on the Internet. These include: PowerTools, Watch Right, Always on Time and IM Frame. Mr. DeMarco is the author/editor of several Weblogs and is also a member of the High Tech Crimes Industry Association (HTCIA). Mr. DeMarco has university level and corporate training and teaching experience, spent 20 years on Wall Street, acted as CEO of a small software company, and is currently discovering the world of blogging.
Send me Email
Other Blogs and Resources