Apparently, they fixed it on the servers that control these connections.
On Fri, 2002-01-04 at 16:34, Dan Trainor wrote: > Does this alarm anyone else? How will AOL fix this problem without > making users download any patches / fixes? Are they going to install it > themselves? If so, if they can fix this problem by installing a fix on > to your machine, what's stopping a malicious user from installing > something else on your machine? > > If I am misunderstanding how this latest vulnerability works, I do > apologize for this "junk" mail. :) > > > -dt > > > > -----Original Message----- > From: Meritt James [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 03, 2002 7:43 AM > To: [EMAIL PROTECTED] > Subject: another little IM problem... > > "WASHINGTON, Jan. 2 - A security hole in AOL Time Warner's Instant > Messenger program used by millions of people worldwide can let a hacker > take full control of a victim's computer, according to security > researchers and the company. An AOL spokesman said the problem will be > fixed soon, and users won't have to download anything." > > Full article at http://www.msnbc.com/news/680950.asp > > A bit more techie at http://www.w00w00.org/advisories/aim.html > > -- > James W. Meritt CISSP, CISA > Booz | Allen | Hamilton > phone: (410) 684-6566 -- Nick Network Security Consultant CISSP, CCSI, MCSE, CCNA Lucent Technologies/NPS Raleigh, NC _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com