This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor : Aol
Product : Instant Messenger
Version : 5.5.3415_beta
Type : Application
First view : 2004-11-23
Last view : 2007-09-27
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:aol:instant_messenger

Related : CVE

  Date Alert Description
6.8 2007-09-27 CVE-2007-5124

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.

4.3 2007-04-10 CVE-2007-1904

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

5 2005-06-09 CVE-2005-1891

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

5 2005-05-18 CVE-2005-1655

AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.

7.5 2004-12-31 CVE-2004-2373

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

10 2004-11-23 CVE-2004-0636

Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
40556 AOL Instant Messenger (AIM) IE Server Control Notification Window Script Inje...
34839 ICQ File Transfer Traversal Arbitrary File Write
34838 AOL Instant Messenger (AIM) File Transfer Traversal Arbitrary File Write
20683 AOL Instant Messenger (AIM) Font Tag sml Parameter Malformed Smiley DoS
17220 AOL Instant Messenger (AIM) ateimg32.dll Malformed Buddy Icon GIF DoS
8398 AOL Instant Messenger (AIM) aim:goaway URI Handler goaway Function Away Messa...
4012 AOL Instant Messenger (AIM) Predictable File Location Weakness

ExploitDB Exploits

id Description
431 AOL Instant Messenger AIM "Away" Message Remote Exploit
395 AOL Instant Messenger AIM "Away" Message Local Exploit

Snort® IPS/IDS

Date Description
2014-11-04 AOL Instant Messenger goaway message buffer overflow attempt
RuleID : 32370-community - Type : SERVER-OTHER - Revision : 3
2014-12-04 AOL Instant Messenger goaway message buffer overflow attempt
RuleID : 32370 - Type : SERVER-OTHER - Revision : 3
2014-01-10 AOL Instant Messenger goaway message buffer overflow attempt
RuleID : 3085-community - Type : SERVER-OTHER - Revision : 13
2014-01-10 AOL Instant Messenger goaway message buffer overflow attempt
RuleID : 3085 - Type : SERVER-OTHER - Revision : 13

Nessus® Vulnerability Scanner

id Description
2005-06-08 Name: The remote Windows host is susceptible to denial of service attacks.
File: aim_buddy_icon_overflow.nasl - Type: ACT_GATHER_INFO
2005-05-19 Name: The remote Windows application is prone to denial of service attacks.
File: aim_smiley_location_dos.nasl - Type: ACT_GATHER_INFO