Critical AIM Flaw

by Rafael Hernandez on August 9, 2004 · 0 comments

InfoWorld has details on a bug in AOL’s Instant Messenger program which could allow unscrupulous individuals to run code on PCs. The flaw is in the program’s goaway function and so far can only be triggered by clicking a URL. That doesn’t sound like a very effective delivery method but it could, theoretically, require only one person to become a target which could then be used to send out the URL to their friends starting a vicious cycle.