Hole in AOL's messaging program

Program has millions of registered users

The internet giant America Online has promised a quick fix to a security hole in its popular instant messaging program that could allow hackers to take control of a victim's computer.

AOL Instant Messenger has over 100 million registered users, but only the Windows version of the software is at risk.

"We have identified the issue and have developed a resolution that should be deployed in the next day or two," said AOL's Andrew Weinstein.

The vulnerability was discovered by the security research team, w00w00, a group founded by a 19-year-old American student.

'Huge implications'

The flaw, called a "buffer overflow" problem, is similar to vulnerability recently found in Microsoft's Windows XP.

You could do just about anything - delete files on the computer or take over the machine

Matt Conover, w00w00 founder

The hole lies in a feature that allows people to invite other Instant Messenger users in their buddy list to play online games such as Quake.

In a statement, w00w00 said "the implications of this vulnerability are huge and leave the door wide open for a worm", a computer virus that can spread by itself, without human intervention.

"You could do just about anything - delete files on the computer or take over the machine," said Matt Conover, founder of w00w00.

He has advised people using Instant Messenger to restrict incoming messages to friends on their buddy lists until the security hole is fixed.

AOL warned

The group said it first discovered the flaw several weeks ago but did not get in touch with AOL until after Christmas.

It said it did not get a reply from AOL to an e-mail sent during the holiday week, so w00w00 decided to release details of the problem to public security mailing lists less than a week later.

AOL said it would have appreciated more warning.

"We'd encourage any software programmer that discovers a vulnerability to bring it to our attention prior to releasing it," said Mr Weinstein.