[ insider_reports_insider ]
ICQ, AIM Flaw Poses File Transfer Trouble
David Utter
Staff Writer
2007-04-10
 Insider Reports RSS Feed
People who use AIM or ICQ for instant messaging are vulnerable to a file transfer path traversal vulnerability that could be remotely exploited.
 | | ICQ, AIM Flaw Poses File Transfer Trouble |  |
Those who would rather not have someone out there dropping files on their systems over AIM or ICQ have different options available to them right now.
An iDefense Labs report said that fixes to AIM's infrastructure will mitigate the problem for AIM version 5.9 and earlier, although AIM's parent AOL suggests people upgrade AIM to a current version.
For ICQ, AOL pushed out an automatic update that patched the flaw, which was present in ICQ 5.1 and was likely present in previous versions.
Problems could have come during a file transfer session while using one of those vulnerable clients.
Attackers would be able to place arbitrarily named files in a directory of their choice when the victim accepts a file transfer.
In ICQ, a user has to have the attacker on a buddy list, and also manually accept the requested transfer. This served to limit the threat to ICQ clients.
Microsoft Thinks Security Is Funny: Zombies, ninjas, aliens, and overdressed superspies threaten the diligent, bespectacled IT guy in Microsoft's newest ad campaign pushing their Forefront business security products.
The campaign at Easy, Easier presents a humorous informational approach to learning about Microsoft's options in the computer security industry.
Our thoughts? The zombie looks like the bizarre love child of Don Imus and Mick Jagger.
---
Tags: AIM, ICQ, Microsoft, Forefront, Easy Easier
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
