Officials from Core Security Technologies said it contacted AOL about the
flaw late last month. While company executives at AOL say the hole has been
closed, Core Security officials counter that the fix doesn't go far enough.
However, one Core Security official said it remains unclear whether anyone has
successfully exploited the hole.
The flaw resides in the most recent beta releases of AIM 6.1 and 6.2. Core
Security has also found the hole in the AIM Pro, intended mainly for business
users, and in AIM Lite. The company said the problem doesn't exist in version
5.9 of AIM nor in AIM 6.5, a product also currently in beta testing.
The security hole arose, according to Core Security, because of the way the
affected versions allow instant messaging users to augment their conversations
with a number of fonts and pictographic "emoticons." The flawed versions
of AIM do this by using Microsoft Corp.'s Internet Explorer program to render
images, they explained.
Core Security contends that the real problem involves AIM enabling full access
to all of Internet Explorer's functions, including the ability to carry out
programming commands and direct them at Web sites. By embedding specific commands
in an IM session, hackers can direct a user's system to do things such as visit
malicious Web sites where even more bad code could be installed.
AOL officials responded by saying the issue has been resolved and that users
should feel "completely safe."
Posted by Ed Scannell on 09/27/2007 at 1:23 PM
Microsoft on Tuesday announced a preview of the artificial intelligence (AI)-generated Bing Image Creator in the Microsoft Edge browser, along with new Stories and Knowledge Card 2.0 Bing search capabilities.
Microsoft on Tuesday announced a preview of OpenAI's GPT-4 artificial intelligence (AI) model for users of the Azure OpenAI service.
Organizations using Windows Server Update Services (WSUS) or Configuration Manager will be getting a 10GB download next week that will kick off Microsoft's Windows 11 version 22H2 Unified Update Platform (UUP) servicing scheme for those premises-based management tools, Microsoft warned on Monday.
Microsoft this week announced that Azure Firewall Basic is now at the "general availability" commercial-release stage.
Microsoft this week announced Semantic Kernel, a new open source framework on GitHub at the early preview stage that aims to help developers tap artificial intelligence (AI) and large language models in their applications.
More Tech Library