AOL Instant Messenger URI Handler Buffer Overflow

 Overview
Roughly a month ago, iDefense, Inc. discovered a buffer overflow vulnerability in all Windows versions of AOL Instant Messenger (AIM). The impact of this vulnerability may allow for an attacker to execute malicious code on Windows platforms. Exploit of this vulnerability, however, requires that an AIM user click on a malicious URL supplied in an instant message or embedded in a web page.
 Affected Products and Applications
AOL Instant Messenger (AIM) for Windows - All known versions

 Solutions

1. AOL recommends that Windows users of AIM upgrade to the latest version of AIM 5.5 found here. This new version of AIM will address the vulnerability described and can be obtained via the AOL Instant Messenger portal, www.aim.com. (be sure not to install the AIM games feature or Weatherbug when asked as they are spyware)
 
2. Download Trillian Here, a free alternative for AIM and a few other instant messaging programs that is fully configurable, or a different AIM compatible instant messaging program and remove AIM alltogether.
 
-Portions taken from AIM.COM
 
Thanks for visiting!