A Boston security company claims to have found six security holes in the ICQ ('I-Seek-You') instant messaging client for AOL.
The flaws include three problems with the Pop3 client, and can allow intruders to cause a variety of problems, from being able to install malware to hanging the computer by monopolising the CPU.
All versions of Mirabilis ICQ Pro instant messaging client, including the Mirabilis ICQ Pro 2003a release, are believed to be affected. There is no available patch for the problems.
AOL bought the ICQ system manufacturer Mirabilis in 1998.
"It doesn't need much technical ability to exploit this," said Ejovi Nuwere, senior security engineer for Core Security Technologies.
"Although there's no sign of any automated tools for script kiddies, there's little doubt that a skilled coder could build an automated exploit engine within a couple of days at most."
Before going public, Core Security Technologies said it made repeated attempts to contact AOL and developers Mirabilis with details of the problems after discovering them in March, but has received no response.
AOL in the US declined to comment beyond issuing a brief statement, which said: "We take all security related inquires seriously and are currently looking into the report."
Full details of the flaws can be found here.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend