The Register®

Biting the hand that feeds IT

AOL bungs buddy-list security hole

Now that's what we call service

By Thomas C Greene in Washington DCGet more from this author

Posted in Security, 3rd January 2002 22:29 GMT

Barely more than a day after an exploit concerning the Windows versions of AOL's Instant Messenger (AIM) was circulated, AOL says it's managed to fix its network. Users are now safe, and need not lift a finger with downloads or patches, the company says.

The hole made it possible to exploit the way AIM processes games requests, using a buffer overrun attack to take control of a victim's Windows box. It was discovered by security research group w00w00, which developed a harmless working exploit, which in turn inspired AOL to take action immediately. ®

Related Story

AIM gives up control of Windows machines

Free Report - "High-level Best Practices in Software Configuration Management: How to deploy SCM software to the maximum advantage"

Unfriendly ghosts

The expense of defence

Judge Dredd shotguns to hit Iraq in '09

Wireless slugs strike round corners

Don’t Miss

Warning: roadworksNetbooks and Mini-Laptops

Buyer's Guide They're little and we love 'em. But which ones are best?

Warning: roadworksIntel shakes AMD's chip-fabbing baby

Cross-licensing custody battle

Emails show journalist rigged Wikipedia's naked shorts

Overstock's Byrne vindicated amidst economic meltdown

Warning StopYours truly, angry mob

Book extract Bringing Nothing To The Party: Cleaning up the net, one satirical vigilante page at a time