Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2373

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2373
Last Modified 05 Sep 2008 04:43:57
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2373

Summary

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

Vulnerable Systems

Application

  • Aol Instant Messenger 4.3

  • Aol Instant Messenger 4.3.2229

  • Aol Instant Messenger 4.4

  • Aol Instant Messenger 4.5

  • Aol Instant Messenger 4.6

  • Aol Instant Messenger 4.7

  • Aol Instant Messenger 4.7.2480

  • Aol Instant Messenger 4.8.2616

  • Aol Instant Messenger 4.8.2646

  • Aol Instant Messenger 4.8.2790

  • Aol Instant Messenger 5.0.2938

  • Aol Instant Messenger 5.1.3036

  • Aol Instant Messenger 5.2.3292

  • Aol Instant Messenger 5.5

  • Aol Instant Messenger 5.5.3415 Beta


References

XF - aim-buddy-predictable-location(15310)

BID - 9698

BUGTRAQ - 20040219 Aol Instant Messenger/Microsoft Internet Explorer remote code execution


Last Updated: 27 May 2016 10:39:26