This came up on one of the Prodigy communities. I thought some AOL users might find it of help.

Following received from a computer security manager at a Navy lab:

A new remote vulnerability in AOL Instant Messenger (AIM)

was reported early Wednesday morning. This one is a real

booger-snapper that allows remote attackers to execute

arbitrary commands on your Microsoft Windows system. The

victum (you) is unable to refuse the attack or determine

who initiated it.

Here are the Affected Versions:

AOL Instant Messenger versions 4.3 through 4.7.2480 for Windows

AOL Instant Messenger version 4.8.2616 for Windows (beta)

Note: AOL Instant Messenger versions prior to 4.3 have not

been tested. Previous versions that contain the "Games"

feature may also be vulnerable.

This is a serious vulnerability in a very widely used software

product. If a worm like Code Red or Nimda were written to

exploit this vulnerability, it would likely spread very rapidly,

and could potentially damage both personal and business systems.

Recommendations:

Upgrade to the latest version of AOL Instant Messenger as soon

as a fix is available.

To reduce the risk from this vulnerability until a fixed version is

available, AOL Instant Messenger users should block unknown users from

contacting them using AIM. However, this will not provide complete

protection, because users on your Buddy List can still contact you. If

this vulnerability is built into a worm, this attack may come from users

on your Buddy List without their knowledge.

To block unknown users in AIM:

1. Go to My AIM -> Edit Options -> Edit Preferences.

2. In the left pane, select the Privacy category.

3. In the "Who can contact me" section, select "Allow only users on my Buddy

List".