Core Security Technologies announced last week that it was working with AOL to address a critical security flaw in the company's popular AOL Instant Messenger program. The flaw takes advantage of the interaction between AIM and Internet Explorer, and could potentially allow a malefactor to sent code to an AIM user that would, in turn, run unauthorized software on the victim's computer. The flaw is particularly troubling because it would be easy to compromise many computers via a self-replicating worm. Such a worm would not require any user interaction to propagate.

AOL is currently filtering its IM servers to prevent an attack from occurring, but security experts are advising users to downgrade to the 5.9 release, which does not support HTML rendering - the interaction that could propagate a worm. AOL recommends that users upgrade to the 6.5.3.12 beta, but other experts caution that the 6.5 beta release is vulnerable to the flaw. AOL seemed to indicate in a statement on its Web site that it wasn't planning to fix the potentially dangerous code.