Core Security CTO Finds Major Vulnerability in AIM, IE7

32 Comments

The Associated Press reported this afternoon that the chief technology officer of the company that makes Core Impact, a very well-known penetration testing product for enterprise networks, has gone public with the discovery of a new and significant vulnerability affecting AOL Instant Messenger, on systems where Internet Explorer 7 is also installed.

Core Security CTO Iván Arce told the AP that the current AIM 6.1, including the Pro and Lite versions, as well as the beta of AIM 6.2 all utilize Internet Explorer 7 for some of their rendering functions, including graphic emoticons. The interaction between AIM and IE7 apparently takes place over a link that Arce says he's proven can be exploitable, in demonstrations last month to officials of AOL's parent company, Time Warner.

Certain commands issued during an IM session can apparently enable full remote access to IE7, according to the AP report's assessment of Arce's claim. Users of the Web-based alternative to AIM would not experience this problem, he said.

For more: Core CTO: Highly Exploitable AIM Bug Could Lead to System Hijack

32 Comments

32 Responses to Core Security CTO Finds Major Vulnerability in AIM, IE7

Got News? Contact Us

Recent Headlines

Firefox Nightly expands to Linux on ARM64

How writing zip support for Windows almost cost its creator his job at Microsoft

Apple AirPlay comes to IHG Hotels and Resorts

Millennials are key targets for phishing

Get 'Applied Machine Learning and AI for Engineers' (worth $67.99) for FREE

Best Windows apps this week

The dynamics of modern Windows device management [Q&A]

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.