Browser Security News

[tag]AOL[/tag] Thursday slipstreamed a security update to users of the Internet provider’s browser to fix a bug that Microsoft patched back in June.

According to an alert posted by Reston, Va. security company iDefense Inc., [tag]AOL’s browser[/tag] uses a flawed method to render compressed images in the .art format. An attacker can exploit the bug by convincing users to view a maliciously-crafted .art image; the resulting heap overflow can be further leveraged, letting the attacker post his own code to the victimized PC. End result: The computer is hijacked.

"iDefense analysis has shown that exploitation can be as reliable as 75 percent with the current exploitation method," the warning read. In the 1-in-4 attempts that would likely fail, the PC would probably slow down or lock up entirely. AOL Patches Buggy Browser - News by InformationWeek