Skip to main content /TECH with IDG.net
CNN.com /TECH
MAIN PAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW
SCI-TECH
SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
IN-DEPTH

VIDEO
LOCAL
CNN NEWSWATCH
E-MAIL SERVICES
CNNtoGO
ABOUT US/HELP

CNN TV
what's on
show transcripts
CNN Headline News
CNN International
askCNN

EDITIONS
CNN.com Asia
CNN.com Europe
CNNenEspanol.com
CNNArabic.com
set your edition





Security flaw found in AOL Instant Messenger

From...
 PC World
graphic

By Sam Costello

(IDG) -- A new security vulnerability in America Online's Instant Messenger program could allow an attacker to run a program on a user's computer.

AOL has fixed the vulnerability on its servers, however, so users need take no action to be protected, says Andrew Weinstein, a spokesperson for AOL. (AOL Time Warner is the parent company of CNN.com.)

The vulnerability came about as the result of a buffer overflow in the "add external application" component in AIM which allows users to share programs, says Weinstein.

AOL was notified of the bug about 10 days ago and fixed the flaw soon thereafter by making changes to its servers, Weinstein says. The company has had no reports of users being affected by the vulnerability, he says.

IDG.net INFOCENTER
IDG.net
Visit an IDG site


IDG.net search



Similar story

In early January the company was alerted to a similar vulnerability in AIM by the security group w00w00. That vulnerability, which is "reasonably similar" to Monday's issue, according to Weinstein, allowed a malicious user to send attack code via AIM's shared game feature. AOL also fixed that problem on its servers.

Despite the similarity in the two vulnerabilities, Weinstein downplays the idea that there are more far-reaching issues in AIM.

"There is a very limited range of potential similar areas of vulnerability," he says.


 
 
 
 



RELATED STORIES:
• Security group: AIM fix features flaw
January 10, 2002
• Security hole found in AOL Instant Messenger
January 2, 2002

RELATED IDG.net STORIES:
• AOL patches AIM security hole
(PCWorld.com)
• AOL confirms security hole in AIM
(PCWorld.com)
• Suggested AIM fix features security flaw
(PCWorld.com)
• Companies try customer-friendly IM
(Darwin)
• AOL launches e-mail and IM for AT&T M-Mode
(IDG.net)
• Tricky worm can spread via AIM, IRC
(PCWorld.com)
• AOL partners to extend reach of IM
(InfoWorld.com)
• LOL :) -- A guide to Internet lingo and emoticons
(PCWorld.com)

RELATED SITES:
• America Online, Inc.

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

TECHNOLOGY TOP STORIES:
• Report: SUVs pose danger to cars
• New telemarketer tool trumps TeleZapper
• Terra Lycos logs $2.2B loss
• AOL to offer song downloads
• Microsoft seeks fiscal fountain of youth

(More)

 Search   

Back to the top
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.