Uninvited remote maintenance via AIM [Update]
Security service provider Core Security has released a security advisory describing vulnerabilities in AOL Instant Messenger (AIM). The instant messaging software uses Microsoft's HTML library mshtml.dll to display messages, but fails to adequately sanitise incoming messages, allowing attackers to execute arbitrary commands on AIM users' computers.
Security researcher Aviv Raff writes in his blog that, contrary to previous reports, the beta version of AIM still includes the flaw. AIM users should stop using the software until an update is available, or alternatively use other IM software such as Miranda-IM.