AOL Says It Fixed Flaw In Instant Messaging Service

AOL became aware of the flaw Wednesday morning after a group issued a report to security mailing lists about a feature in the most recent version of AIM, spokesman Andrew Weinstein said. The flaw, which was also found in a test version of AIM, could allow someone to take control of home computers.

The feature, which was present in the most recent version of AIM and some other versions, allowed a user to invite someone to play a game with them through instant messaging. The feature had a potential vulnerability that could be used by an advanced programmer to take control of a computer.

"To our knowledge, it was never used," Weinstein said of the potential vulnerability.

The flaw, which would have affected only non-AOL subscribers, has been fixed from the AOL side and AIM users do not have to download anything for the resolution.

A security group, called w00w00, first found the potential vulnerability in AIM, which has 100 million registrations. A recent industry report said the service had about 29 million active users.

The flaw is similar to one that was found in AOL rival Microsoft's Windows XP.

Shares of AOL Time Warner were down 12 cents to $31.48.

Copyright 2002 Reuters Limited. All rights reserved.

Republication or redistribution of Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Reuters.

Reuters shall be not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.