AOL BUGS

LAST UPDATED: Thursday, 14 February 2008 20:46:09 -0600


FIX FOR AOL AND WINDOWS 2000 USERS

AOL subscribers who plan on upgrading to Windows 2000 need to download a fix to add support for Johnson-Grace compressed images, or ART files. By default, Windows 2000 does not support these graphics, but AOL's software commonly uses them. The fix, approximately 300KB in size, is available for download from Microsoft:

http://www.pcworld.com/r/tw/1%2C2061%2Ctw-0421bug%2C00.html

PESKY AOL 5 DIAL-UP BUG

Much has been made recently of AOL 5's alleged interference with other ISPs when multiple accounts from multiple ISPs exist on a single computer. While not all the alleged problems exist on all machines, Bugnet (with the assistance of KeyLabs) has discovered what it believes to be an actual bug in the AOL software, version 5. Even though you may not have AOL set as your system's default Web and e-mail service, when you obtain a TCP/IP or PPP connection to any service provider, AOL invariably asks, "Would you like to start AOL now?" If you choose Yes, your system generates a blue error screen and crashes. At that point, you have to reboot.

Bugnet offers the solution of turning off AOL's Auto Start options. Right-click the AOL icon in your system tray and select AOL Auto Start Options. Click the button indicating that you wish to disable all Auto Start Options. Click OK.

For more information, check out Bugnet's article "AOL Found Unruly But Not Reprehensible" at

http://www.bugnet.com/alerts/bugalert_21100.html

AIM ESCAPED CHARACTER VULNERABILITY

AOL Instant Messenger (AIM) is a popular messaging client that allows users to chat with anyone on AOL's system or anyone who also has the AIM client. It is included with the full version of Netscape Communicator 4.7x, or can be downloaded from AOL as a separate client.

If a URL reference containing escaped character entities in the range &#770 to &#779 is sent to an AIM client, the result can be anything from the closing of a message window to a complete shutdown of the AIM program. This affects all versions of AIM prior to and including 3.5.1808. Users should upgrade to a newer version (3.5.1856 or later) by browsing to

http://www.aol.com/aim/home.html
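
As an added example (not code from this page, AOL, or any advisory), here is a message-gateway check in Python that flags URL references carrying numeric character references in the 770 to 779 range described above. The href and bare-URL message shapes, the function names, the example.test hosts, and the choice to also flag hexadecimal spellings of the same code points are assumptions.

```python
import re

# Range given on the page: numeric character references &#770 .. &#779.
RISKY_MIN, RISKY_MAX = 770, 779

# Assumed message shapes: href="..." / href='...' values, or bare URLs in text.
URL_RE = re.compile(
    r"""href\s*=\s*(?:"([^"]*)"|'([^']*)')|((?:https?|ftp)://[^\s<>"']+)""",
    re.IGNORECASE,
)
# Decimal or hex numeric reference. The ';' is optional because the page writes
# the entities without one; flagging the hex spelling is an assumption.
NCR_RE = re.compile(r"&#(?:[xX]([0-9a-fA-F]{1,6})|([0-9]{1,7}));?")


def risky_refs(url: str) -> list[int]:
    """Code points of numeric references in `url` that fall in the risky range."""
    hits = []
    for m in NCR_RE.finditer(url):
        cp = int(m.group(1), 16) if m.group(1) else int(m.group(2))
        if RISKY_MIN <= cp <= RISKY_MAX:
            hits.append(cp)
    return hits


def scan_message(message: str) -> list[tuple[str, list[int]]]:
    """(url, code_points) for every URL reference that carries a risky entity."""
    findings = []
    for m in URL_RE.finditer(message):
        url = m.group(1) or m.group(2) or m.group(3) or ""
        hits = risky_refs(url)
        if hits:
            findings.append((url, hits))
    return findings


# Constructed sample messages (not captured traffic).
SAMPLES = [
    '<a href="http://example.test/&#775;">click</a>',   # in range, inside href
    "see http://example.test/?q=&#769;&#780;",          # just outside the range
    "plain text &#772; with no link",                   # entity, but not in a URL
    "<A HREF='http://example.test/&#x302;&#0779'>x</A>",  # hex and no-';' forms
]

if __name__ == "__main__":
    for msg in SAMPLES:
        verdict = "HOLD" if scan_message(msg) else "pass"
        print(f"{verdict}: {msg!r} -> {scan_message(msg)}")
```

A gateway or logging proxy in front of unpatched clients could hold or log any message for which scan_message returns a non-empty list.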

AIM PATH DISCLOSURE

AIM is short for AOL Instant Messenger, a popular person-to-person chat utility developed by none other than America Online. The latest version, 4.0, allows transmission of files between users. However, if a person transmits a file, the full local path is disclosed to the recipient.

Security experts contend that this information could be used to discover the operating system platform and other sensitive details that may assist in a future attack. This vulnerability is not necessarily a bug, but it does pose a considerable security risk. 

There are currently no solutions to this problem since it appears to be an intended feature of the program. Concerned users are urged to contact AOL.

AOL INSTANT MESSENGER BUGS

@Stake has published a security advisory regarding AOL Instant Messenger. According to the advisory, several bugs (including buffer overflows and mishandled conditions) exist that could allow a user to execute arbitrary code on the machine running AIM. @Stake urges all users to upgrade to the latest version, 4.3.2229. To see which version you have, in the Buddy List window, click Help, About Instant Messenger. To download the latest version, browse to:

http://www.aol.com/aim/home.html

For more specific information on AIM's vulnerabilities or to view instructions on possible workarounds (for users who can't upgrade), read @Stake's original advisory: 

http://www.atstake.com/research/advisories/2000/a121200-1.txt

Copyright © 2007 HALO Computer Technology