AOL IM Client Security hole

Blind_Io

http://blog.wired.com/27bstroke6/2007/09/aol-instant-mes.html

AOL's Instant Messaging software, both old and the new beta, contains a security hole that lets anyone who sends you a message run arbitrary commands and exploit Internet Explorer without the user having to do anything, according to Ryan Naraine at Zero Day. The hole, first reported to AOL more than a month ago, will not be fixed until the middle of October for the millions of people using AOL's AIM client.
AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta client but, as I've confirmed in a test with security researcher Aviv Raff (see screenshot below), fully patched versions of the beta are still wide open to a nasty worm attack.
Production copies of the software, which sits on tens of millions of desktops around the world, are also unpatched.
Anyone running the software should uninstall it and use an alternative, such as a web-based client such as Meebo or a third-party IM client such as Trillian or Pidgin to use an AIM account.
 

chaos386

Pidgin FTMFW. AIM, Yahoo, MSN, and Jabber, all in one client. And yes, I use all four of those protocols regularly.
 

MXM

> Pidgin FTMFW. AIM, Yahoo, MSN, and Jabber, all in one client. And yes, I use all four of those protocols regularly.

My experience with Pidgin using MSN wasn't so great. Somehow my messages just didn't go through. Sometimes. Sometimes they did. Other party is online and I can see what he's writing, I reply and he doesn't see it.

Could be MSN, but trying Trillian immediately after that, messages got through.
 

zeroSignal

Trillian FTW. :)

Been using it for a while now - file transfers can be dodgy sometimes, but otherwise, bloody great.
 

Redliner

> My experience with Pidgin using MSN wasn't so great. Somehow my messages just didn't go through. Sometimes. Sometimes they did. Other party is online and I can see what he's writing, I reply and he doesn't see it.
>
> Could be MSN, but trying Trillian immediately after that, messages got through.

Indeed. Sometimes I just keep getting annoying messages, but most of the time it works fine.
 