Phantasm66
Posts: 4,909 +8
iDEFENSE, a security research and consulting company, has reported that AOL Instant Messenger has a previously undetected security flaw, and if left unpatched this could open up machines to remote attack.
"Oversized values passed to the "goaway" function of AIM's "aim:" URI handler may be used to overwrite the pointer to the Structured Exception Handler, which could then be used to execute code written by the attacker."
Apparently, the attack would manifest itself as a link in the instant messaging window, which when clicked would open the user up to the possibility of attack.
Better patch it before some anorak wearing, 30 stone guy who lives in his Mom's basement starts using this exploit to annoy us all.
"Oversized values passed to the "goaway" function of AIM's "aim:" URI handler may be used to overwrite the pointer to the Structured Exception Handler, which could then be used to execute code written by the attacker."
Apparently, the attack would manifest itself as a link in the instant messaging window, which when clicked would open the user up to the possibility of attack.
Better patch it before some anorak wearing, 30 stone guy who lives in his Mom's basement starts using this exploit to annoy us all.
