AOL ICQ vulnerability revealed

Chat program remote execution flaw patched.

Details of a vulnerability found in AOL's ICQ instant messaging software have been released by TippingPoint. The ActiveX flaw could allow unpatched versions of the software to be targeted and exploited remotely with no user interaction.

The bug was first reported to AOL in late September, and the details are being made public a week after a fix was developed and released to users. Anyone who has logged on to the AOL network since the patch release should have been automatically updated, but as the vulnerability can break into a machine just by sending a chat message, some users are thought to remain at risk and are advised to update their software.

Information on the vulnerability and the patch can be found at TippingPoint's Zero Day Initiative site, here, or at Secunia, here.

09 November 2006

Tags: virus

del.icio.us

digg this

News


	Microsoft to publish security bulletins in CVRF format Standard will streamline process of reviewing patches. 22 May 2012 FBI warns against malware installed via hotel networks Malware poses as fake update of popular software. 09 May 2012 May issue of VB published The May issue of Virus Bulletin is now available for subscribers to download. 3 May 2012 Android malware served via compromised websites Malware downloaded automatically, but requires user permission to be installed. (1 comment) 03 May 2012 PayPal spam leads to exploit kit Clicking on links leads to Blackhole rather than phishing site. 02 May 2012 Subscribe \| View All virusbtn: Google will start warning users still infected with the DNSChanger trojan http://t.co/AgVvG9uh 1 hour ago virusbtn: And this is what our website looked like back then http://t.co/trZGa44E 1 hour ago Follow us

News Archive


	2012 December November October September August July June May April March February January 2011 2010 2009 2008 2008 2007 2006 2005 2004 2003 2002 Subscribe \| View All