Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0591

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0591
Last Modified 05 Sep 2008 04:28:25
Published 18 Jun 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0591

Summary

Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.

Vulnerable Systems

Application

  • Aol Instant Messenger 4.0

  • Aol Instant Messenger 4.1

  • Aol Instant Messenger 4.2

  • Aol Instant Messenger 4.3

  • Aol Instant Messenger 4.4

  • Aol Instant Messenger 4.5

  • Aol Instant Messenger 4.6

  • Aol Instant Messenger 4.7

  • Aol Instant Messenger 4.8 Beta


References

XF - aim-direct-connection-files(8870)

BUGTRAQ - 20020416 AIM's 'Direct Connection' feature could lead to arbitrary file creation

BID - 4526


Last Updated: 27 May 2016 10:36:59