- This topic has 0 replies, 1 voice, and was last updated 24 years, 1 month ago by
.
-
Posts
-
Reuters
January 14, 2002
SAN FRANCISCO (Reuters) – AOL on Monday urged users of older versions of its ICQ instant messaging program to upgrade to the latest version because of a new security hole that could leave computers vulnerable to hacking.
A bug has been found in the voice/video and games features in versions earlier than version 2001b of ICQ, which was released in October, said Andrew Weinstein, a spokesman for the Dulles, Virginia-based company.
The problem results when the application is flooded with more code than it can handle, triggering a so-called “buffer overflow” error and allowing extraneous code to be executed. That could allow someone to download malicious code onto a targeted computer.
People using older versions of ICQ can download the newest version from (http://www.icq.com/download/). Users of the newer version of ICQ do not have to make any changes, according to Weinstein.
The company has made some modification to its servers to mitigate the risk to affected users, he said.
“The exploit, to our knowledge, never has been used in the wild,” Weinstein added.
A University of Pennsylvania student first discovered the hole and it was posted to Bugtraq, a security e-mail list, a week ago, he said.
There are 125 million registered users of ICQ, Weinstein said.
It is the second such security flaw to be found in AOL instant messaging software this month.
Two weeks ago a buffer overflow-related security hole was disclosed in AOLŒs other instant messaging program — AOL Instant Messager, also called AIM. That hole could allow a malicious hacker to take control of computers through AIMŒs advanced game-playing feature.
There are about 100 million registered AIM users, 29 million of which are active users, according to an industry report.
- You must be logged in to reply to this topic.