COMMAND

    AOL Instant Messenger

SYSTEMS AFFECTED

    Systems running AOL Instant Messenger

PROBLEM

    Adam Brown found following.  There is a bug in the newer  versions
    of AOL's  Instant Messenger  that will  cause the  client to crash
    when exploited.   To exploit  this bug,  send a  hyperlink in this
    format and click on it:

        aim:addbuddy?=screenname

    (replacing "screenname" with an  actual screen name seems  to give
    the  same  result)   You  can  also  set  up  a web page that will
    redirect your victim to a client crashing URL once they've  caught
    on to your evil little scheme. An example of this is available at:

        http://www.fazed.net/poof

SOLUTION

    AOL was notified of this about two weeks ago.  You can't duplicate
    this on any 2.0.8* builds... (on 2.0.9* works).  The problem could
    not be  duplicated on  AIM 2.0.813  (Windows 98)  running IE  5.0.
    Also,  this  doesn't  seem  to  work  on  the Mac versions (tested
    2.01.644).