ZDNet UK - Where Technology Means Business

ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

'Critical security hole' found in AOL IM

Graeme Wearden ZDNet.co.uk

Published: 10 Aug 2004 11:15 BST

Two security companies have both claimed that AOL's Instant Messenger application contains a serious vulnerability that could allow malicious hackers to take control of a user's PC.

According to Secunia and Internet Security Systems, there is a flaw in the "away" function of AOL IM, which allows users to show their friends that they're not at their computer.

"The vulnerability is caused due to a boundary error within the handling of 'Away' messages and can be exploited to cause a stack-based buffer overflow by supplying an overly long 'Away' message (about 1,024 bytes). A malicious Web site can exploit this via the 'aim:' URI handler by passing an overly long argument to the 'goaway?message' parameter," reported Secunia. Secunia described the vulnerability as "highly critical".

Once the buffer overflow has been executed a malicious hacker could then direct the client PC to a Web site where more code could be downloaded.

Secunia has said that an updated version of AOL IM that isn't vulnerable to this flaw will be made available, but no details of this were visible on AOL's Web site at the time of writing.

AOL UK was not immediately able to supply more information.

Did you find this article useful?
60 out of 100 people found this useful

Full Talkback thread

3 comments

man AOL sucks.. Anonymous
AOL A= ALWAYS O= OFF L=LINE Anonymous
So really what's new here? As usual AOL foists bad... Lars Tetens

Related Links

Most Recent
Most Popular
Most Discussed

More In Security threats

Company/Topic Alerts

Create a new alert from the list below:

Related Jobs

IT SAP MANAGER, SUPPLY CHAIN SYSTEMS MIDDLESEX C90K PACKAGE

SAP Supply Chain and Logistics Business Analyst

Power Supply Engineer, Mosfets, Newcastle, 40,000

Install Flash Player Plugin

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Skip Sub Navigation Links to CNET Brand Links

About CNET Networks UK

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved