09-28-2007, 11:53 AM
Quote:Theres a nasty worm hole in America Onlines standalone AIM (instant messaging) software that wont be patched until the middle of October.
AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta client but, as Ive confirmed in a test with security researcher Aviv Raff, fully patched versions of the beta is still wide open to a nasty worm attack.
Production copies of the software, which sits on tens of millions of desktops around the world, are also unpatched...
full article: http://blogs.zdnet.com/security/?p=542