AOL IM Client Security hole

Blind_Io · Sep 28, 2007

http://blog.wired.com/27bstroke6/2007/09/aol-instant-mes.html

AOL's Instant Messaging software, both old and the new beta, contains a security hole that lets anyone who sends you a message to run arbitrary commands and exploit Internet Explorer without the user having to do anything, according to Ryan Naraine at Zero Day. The hole, first reported to AOL more than a month ago, will not be fixed until the middle of October for the millions of people using AOL's AIM client.

AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta client but, as I?ve confirmed in a test with security researcher Aviv Raff (see screenshot below), fully patched versions of the beta is still wide open to a nasty worm attack.
Production copies of the software, which sits on tens of millions of desktops around the world, are also unpatched.

Anyone running the software should uninstall it and use an alternative, such as a web-based client such as Meebo or a third-party IM client such as Trillian or Pidgin to use an AIM account.

chaos386 · Sep 28, 2007

Pidgin FTMFW. AIM, Yahoo, MSN, and Jabber, all in one client. And yes, I use all four of those protocols regularly.

MXM · Sep 28, 2007

chaos386 said:
Pidgin FTMFW. AIM, Yahoo, MSN, and Jabber, all in one client. And yes, I use all four of those protocols regularly.

My experience with Pidgin using MSN weren't so great. Somehow my messages just didn't go through. Sometimes. Sometimes they did. Other party is online and I can see what he's writing, I reply and he doesn't see it.

Could be MSN, but trying Trillian immedialy after that, messages got through.

zeroSignal · Sep 28, 2007

Trillian FTW.

Been using it for a while now - file transfers can be dodgy sometimes, but otherwise, bloody great.

Top Geek · Sep 28, 2007

Harhar, serves you right for having anything to do with AOL.

Shadowness · Sep 28, 2007

epp_b said:
Harhar, serves you right for having anything to do with AOL.

X2!! :lol:

Mark355 · Sep 28, 2007

I'm still using AIM v.5.2.

Anything newer is just bloatware.

Viper007Bond · Sep 28, 2007

Trillian

Redliner · Sep 29, 2007

MXM said:
My experience with Pidgin using MSN weren't so great. Somehow my messages just didn't go through. Sometimes. Sometimes they did. Other party is online and I can see what he's writing, I reply and he doesn't see it.

Could be MSN, but trying Trillian immedialy after that, messages got through.

Indeed. Sometimes I just keep getting annoying messages, but most of the time it works fine.

phuckingduck · Oct 4, 2007

Viper007Bond said:
Trillian

^^^^

Thanks for the heads up though

AOL IM Client Security hole

Blind_Io

"Be The Match" Registered

chaos386

.sa = bad driver!

MXM

I paid for this title

zeroSignal

Nerdcore

Top Geek

Forum Addict

Shadowness

Well-Known Member

Mark355

Well-Known Member

Viper007Bond

Chicken Nugget Connoisseur

Redliner

Y'all got any lamps?

phuckingduck

is awesome!