AOL Issues Advisory, Patch For AIM Security Flaw

The security flaw allows an attacker to trigger a buffer overflow in Windows versions of AIM. The AOL advisory notes that users will not have a problem if they simply avoid clicking on any links to unknown destinations that are delivered in AIM messages.

The new beta release of AIM will be available at before the end of the week. The workaround, developed by Matt Murphy of iDefense, who also discovered the vulnerability, requires removal of the following key from the Windows registry: HKEY_CLASSES_ROOT\aim.

IT support staff who need to fix several computers can save the following code in a file with a ".vbs" extension and run it on each machine:

' Delete the HKEY_CLASSES_ROOT\aim key (the trailing backslash marks a key, not a value)
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegDelete "HKCR\aim\"
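
An added example, not part of the original article or of the AOL or iDefense material: a variant of the workaround script for fleet use that checks whether the key is present, exports a backup, deletes the key and verifies the result. It relies on the standard Windows reg.exe tool; the backup path and the exit codes are assumptions of this example.

```vbscript
Option Explicit
Const AIM_KEY = "HKCR\aim"          ' key named in the article

Dim sh, fso, backupFile
Set sh = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
' Assumed backup location, chosen for this example.
backupFile = sh.ExpandEnvironmentStrings("%TEMP%") & "\aim-key-backup.reg"

' reg.exe query exits with 0 when the key exists and 1 when it does not.
Function KeyExists(key)
    KeyExists = (sh.Run("reg.exe query """ & key & """", 0, True) = 0)
End Function

If Not KeyExists(AIM_KEY) Then
    ' Nothing to remove (the one-line RegDelete version would raise an error here).
    WScript.Echo "OK: " & AIM_KEY & " is absent; workaround already applied."
    WScript.Quit 0
End If

' Export the key first so it can be restored after the patched client is installed.
If fso.FileExists(backupFile) Then fso.DeleteFile backupFile, True
If sh.Run("reg.exe export """ & AIM_KEY & """ """ & backupFile & """", 0, True) <> 0 Then
    WScript.Echo "ERROR: backup failed; " & AIM_KEY & " left untouched."
    WScript.Quit 2
End If

' /f skips the confirmation prompt; reg.exe removes the key and its subkeys.
sh.Run "reg.exe delete """ & AIM_KEY & """ /f", 0, True

If KeyExists(AIM_KEY) Then
    WScript.Echo "ERROR: " & AIM_KEY & " is still present (insufficient rights?)."
    WScript.Quit 1
End If
WScript.Echo "Removed " & AIM_KEY & "; backup saved to " & backupFile
WScript.Quit 0
```

Run it with `cscript //nologo` so the messages go to the console and a deployment tool can collect the exit code.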

