Serious AIM security hole
p2pnet news | Security: Core Security Technologies is warning AOL Instant Messenger (AIM) users about a serious security breach.
“AOL has acknowledged the vulnerability and recommended users upgrade to the latest version of the AIM beta client, which is immune to the problem,” says SearchSecurity.com, going on:
“Specifically, an attacker could remotely execute code on a user’s computer and exploit Internet Explorer bugs without user interaction, said Iván Arce, Core’s chief technology officer. The vulnerabilities affect AIM 6.1 and 6.2 beta, AIM Pro and AIM Lite. Arce called it a serious threat to millions of AIM users.”
The vulnerability has already shown up on several public bug-tracking Web sites, according to Arce.
AIM users running vulnerable client software should switch to AIM version 5.9, the latest version of the AIM client 6.5 (which is still in beta), or the web-based AIM Express, SearchSecurity.com says, adding:
“The vulnerable AIM clients include support for enhanced message types that enable AIM users to use HTML (Hyper Text Markup Language) to customize text messages with specific font formats or colors, Arce said.
“An Internet Explorer object is embedded within AIM to render HTML, making for a rich user experience. Unfortunately, he said, it also makes it easy for attackers to take advantage of users because content isn’t properly sanitized.”
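An added example, not code from AOL, Core Security or the original article: a sketch of the sanitization step the quoted passage says was missing, written as an allowlist filter that keeps only font and colour formatting before a message is handed to an embedded HTML renderer. The tag list, attribute rules and function names are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
import re

# Assumed policy (not AIM's): formatting tags only, validated <font> attributes.
ALLOWED_TAGS = {"b", "i", "u", "br", "font"}
FONT_ATTRS = {
    "color": re.compile(r"#[0-9a-fA-F]{6}|[a-zA-Z]{1,20}"),
    "face": re.compile(r"[A-Za-z0-9 ,\-]{1,64}"),
    "size": re.compile(r"[+-]?[1-7]"),
}
DROP_CONTENT = {"script", "style", "iframe", "object", "embed"}  # inner text dropped too

class MessageSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tags (img, a, ...) vanish; their text is kept
        kept = {}
        for name, value in attrs if tag == "font" else []:
            rule = FONT_ATTRS.get(name)
            if rule and value and rule.fullmatch(value):
                kept[name] = escape(value, quote=True)
        self.out.append("<" + tag + "".join(f' {k}="{v}"' for k, v in kept.items()) + ">")
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in self.open_tags:
            # Close everything opened after the matching tag so output stays balanced.
            cut = len(self.open_tags) - 1 - self.open_tags[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.open_tags[cut:])]
            del self.open_tags[cut:]

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize_message(text):
    parser = MessageSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out + [f"</{t}>" for t in reversed(parser.open_tags)])
```

The output is rebuilt from parsed tokens rather than by deleting patterns from the input, so anything the policy does not name never reaches the renderer.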
Also See:
SearchSecurity.com – Serious security flaw in AOL Instant Messenger, September 26, 2007
September 26th, 2007 at 7:34 pm
http://pidgin.im
The universal solution to the gaping security issues in typical IM clients.
January 5th, 2008 at 3:01 am
Hehe, I found your post Serious AIM security hole very interesting! Keep it up!