Apple iChat contains a flaw related to the way that aim URIs are handled by a printable format string that may allow an attacker to execute arbitrary code in the context of the user.

Apple Inc. has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s):
Disable the aim URI handler using RCDefaultApp

• Security Tracker: 1017661
• CVE ID: 2007-0021 (see also: NVD)
• Bugtraq ID: 22146
• Secunia Advisory ID: 24198
• ISS X-Force ID: 31679
• Related OSVDB ID: 32713 32714
• CERT VU: 794752
• VUPEN Advisory: ADV-2007-0274
• Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=305102
• Mail List Post: http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
• Other Advisory URL: http://projects.info-pull.com/moab/MOAB-20-01-2007.html
• US-CERT Cyber Security Alert: TA07-047A

• LMH - lmhinfo-pull.com -