AIM vulnerability brings possibility of remote attack

By Derek Sooman on August 10, 2004, 12:19 PM
iDEFENSE, a security research and consulting company, has reported that AOL Instant Messenger has a previously undetected security flaw, and if left unpatched this could open up machines to remote attack.

"Oversized values passed to the "goaway" function of AIM's "aim:" URI handler may be used to overwrite the pointer to the Structured Exception Handler, which could then be used to execute code written by the attacker."

Apparently, the attack would manifest itself as a link in the instant messaging window, which when clicked would open the user up to the possibility of attack.

Better patch it before some anorak wearing, 30 stone guy who lives in his Mom's basement starts using this exploit to annoy us all.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.