COMMAND

    AOL

SYSTEMS AFFECTED

    AOL

PROBLEM

    Aviram  Jenik  found  following.   Many  administrators  allow AOL
    client  communication   through  their   firewall.  Those   should
    understand, that  while the  AOL client  only uses  port 5190  for
    communication, the  client actually  establishes an  IP tunnel  to
    the server, in order to become  a part of a VPN, thus  effectively
    piercing the firewall.   The consequences are  that basically  the
    firewall is useless.  The  firewall can do very little  filtering,
    and certainly not protect the client against attacks from  outside
    (including access to local services running on the client).

    This means that even though  the firewall allows http access  only
    to  the  internal  web  server,  outsiders  can access a local web
    server running on  a client machine  running an AOL  client. Other
    malicious  attacks  (such  as  the  various  win  nukes)  are also
    possible.

    For more information please take a look at:

        http://www.securiteam.com/securityreviews/The_risks_of_using_an_AOL_client_behind_a_firewall.html

SOLUTION

    Use page above.