Home / Culture and Society / Science and Technology / AOL IM ‘Away’ message flaw deemed critical

AOL IM ‘Away’ message flaw deemed critical

Please Share...Print this pageTweet about this on TwitterShare on Facebook0Share on Google+0Pin on Pinterest0Share on Tumblr0Share on StumbleUpon0Share on Reddit0Email this to someone

Source Info World

America Online (AOL) confirmed the existence of the software vulnerability in an AIM feature that allows users to post automatic replies, such as “I’m away” messages, to instant messages (IMs) that they receive. The company is planning to release a test version of the AIM client later this week that will fix the hole, said Andrew Weinstein, an AOL spokesman.

The security hole was discovered by iDefense Inc. of Reston, Virginia, a computer security intelligence company. A flaw in an AIM component called the “goaway” function allows an attacker to cause a buffer overrun on machines running AIM. Attackers could trigger the flaw by feeding a large amount of data to the goaway function, possibly using a URL (uniform resource locator) embedded in an instant message to the user.

About the Author

Robert T DeMarco is CEO of IP Group in Herndon VA. IP Group offers software communication tools for use on the Internet. These include: PowerTools, Watch Right, Always on Time and IM Frame. Mr. DeMarco is the author/editor of several Weblogs and is also a member of the High Tech Crimes Industry Association (HTCIA). Mr. DeMarco has university level and corporate training and teaching experience, spent 20 years on Wall Street, acted as CEO of a small software company, and is currently discovering the world of blogging.
Send me Email

Other Blogs and Resources

All American Investor Weblog

Robert T DeMarco

Watch Right Internet Crimes Against Children Weblog

Powered by

About All American Investor