|
 |
|
 |
| Sunday, September 05, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
1 |
 |
Members:
0 |
 |
Total:
1 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:21 PM |
|
| I've edited this to delete reference to software that was later determined to be spyware:
What is affected:
All current Windows versions of AOL Instant messenger (www.aim.com) :
Version (4.7.2480) and beta (4.8.2616) Windows versions
Vulnerability:
Your Windows based machine can be taken over or remotely crashed by another user. All they need is your IP address, if you're running an effected version of AIM. You will NOT have an opportunity to "reject" the message. If you're running AIM you're vulnerable. As far as we know no NON-WINDOWS based machine is vulnerable.
What It Does
Basically this exploit uses an unprotected buffer overflow (that is an area where the computer doesn't check the length of a message before it processes it, and the length could exceed the size that the computer has allocated for it). This vulnerability would allow the malicious user to place their own code on your machine and run it, possibly including trojans or viruses, or to damage or crash your machine. The vulnerability is well documented and could be released as a trojan or virus at any time now. At this point there are no known scanners or trojans that exploit this vulnerability, but it WILL ONLY BE A SHORT TIME now that the mechanism is known. AOL has not yet released a patch for this vulnerability, nor have they acknowledged it, but the information on how to exploit it is now public knowledge. With over 100 Million users any such virus would spread VERY FAST (instant messaging is MUCH MORE IMMEDIATE than email) and might not be able to be protected against using traditional virus checkers fast enough to prevent spread.
How to Protect Yourself
The easiest way to protect yourself is to disable AOL Instant messaging from running or starting up until AOL releases a fix for this. You do not get any warning, or chance to reject the bad message - if AOL is running you are vulnerable.
Caution!
YOUR BEST BET IS TO DISABLE AOL INSTANT MESSENGER until a patch is released!
Further Details
This info was received from the NTBUGTRAQ Mailing list ( www.ntbugtraq.com ) an excellent securities related mailing list. The security company w00w00 got the word out about this vulnerability ( http://www.w00w00.org/ ) (that is WZeroZeroWZeroZero), and you can get more info on the vulnerability there:
http://www.w00w00.org/advisories/aim.html
Summary
This vulnerability in AOL Instant messenger is a serious one that allows a 3rd party to take over or damage your machine. ALL users of AOL Instant messenger should update as soon as possible after they release and it's strongly advised that you disable AIM until a patch is released, or install filtering.
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|