AOL Instant Messenger prior to v5.5.3415 contains a buffer overflow in the CCertsByUserName::Cleanup() function which can lead to remote code execution. Can be exploited via HTML web pages or email via long aim: URIs. Fix available here.
658bc232448de8aa479f016c69377dec0c4df2e3dc1edc3e917f281631ca4178