Security update for AOL software
Version 9 and earlier versions of AOL's access software contain security holes related to the processing of images in AOL's proprietary art graphics format. Attackers can manipulate art images to smuggle malicious code onto affected machines. The graphics need not bear the .art file ending; as long as <img> tags are properly in place, the browser will seek out the appropriate processing routine on its own.
The error also affects Internet Explorer. Microsoft already closed the hole on this year's June's Patch Tuesday. AOL is now following suit and providing updates for the version 9 series of access software. This should automatically download and install itself when users log on to the service. Users of older AOL access software are recommended to make the switch to version 9.
- Multiple Vendor ART File Heap Corruption Vulnerability, Advisory from iDefense
(trk)