This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor: Aol
Product: Instant Messenger
Version: 5.1.3036
Type: Application
First view: 2004-12-31
Last view: 2007-09-27
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
CPE Product: cpe:2.3:a:aol:instant_messenger

Related : CVE

  Date Alert Description
6.8 2007-09-27 CVE-2007-5124

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.

4.3 2007-04-10 CVE-2007-1904

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

5 2005-06-09 CVE-2005-1891

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

5 2005-05-18 CVE-2005-1655

AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.

7.5 2004-12-31 CVE-2004-2373

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

CWE : Common Weakness Enumeration

100% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
40556 AOL Instant Messenger (AIM) IE Server Control Notification Window Script Inje...
34839 ICQ File Transfer Traversal Arbitrary File Write
34838 AOL Instant Messenger (AIM) File Transfer Traversal Arbitrary File Write
20683 AOL Instant Messenger (AIM) Font Tag sml Parameter Malformed Smiley DoS
17220 AOL Instant Messenger (AIM) ateimg32.dll Malformed Buddy Icon GIF DoS
4012 AOL Instant Messenger (AIM) Predictable File Location Weakness

Nessus® Vulnerability Scanner

id Description
2005-06-08 Name: The remote Windows host is susceptible to denial of service attacks.
File: aim_buddy_icon_overflow.nasl - Type: ACT_GATHER_INFO
2005-05-19 Name: The remote Windows application is prone to denial of service attacks.
File: aim_smiley_location_dos.nasl - Type: ACT_GATHER_INFO