Lucene search
K
AolInstant Messenger

30 matches found

cve
cve
added 2005/03/20 5:0 a.m.64 views

CVE-2001-1420

CVE-2001-1420 affects AOL Instant Messenger (AIM) 4.7. The vulnerability is a denial of service caused by processing a long filename, likely due to a buffer overflow in the file/name handling path, which can crash the application when a crafted filename is encountered. The exposed impact is a loc...

5CVSS7.3AI score0.02448EPSS
cve
cve
added 2000/02/04 5:0 a.m.60 views

CVE-1999-0486

CVE-1999-0486 affects AOL Instant Messenger. A remote attacker sending a malicious hyperlink to a receiving client can trigger a denial of service, potentially crashing the system. Multiple connected sources (Red Hat advisory, CVE lists, NVD/NIST entry) corroborate the basic impact and vector as ...

5CVSS7.4AI score0.01823EPSS
cve
cve
added 2005/03/20 5:0 a.m.59 views

CVE-2001-1417

CVE-2001-1417 affects AOL Instant Messenger (AIM) 4.7. An attacker can trigger a denial of service by sending a buddy icon GIF where the length/width values exceed the actual image data, causing the application to hang or crash. The available sources (NVD/CVE records) describe the impact as a DoS...

5CVSS7AI score0.02424EPSS
cve
cve
added 2007/04/10 11:0 p.m.59 views

CVE-2007-1904

CVE-2007-1904 describes a directory-traversal vulnerability in AOL Instant Messenger (AIM) ≤ 5.9 and ICQ ≤ 5.1 (likely earlier) that allows user-assisted remote attackers to write files to arbitrary locations by supplying a filename containing .. in a file transfer operation. The core issue is im...

4.3CVSS6.8AI score0.03746EPSS
cve
cve
added 2005/03/20 5:0 a.m.58 views

CVE-2001-1419

The CVE-2001-1419 entry concerns AOL Instant Messenger (AIM) versions 4.7.2480 and earlier. The vulnerability arises when processing an instant message containing a large amount of HTML comments "

5CVSS6.9AI score0.02412EPSS
cve
cve
added 2007/09/27 7:0 p.m.58 views

CVE-2007-5124

CVE-2007-5124 concerns AOL AIM 6.5.3.12 and earlier, where an embedded Internet Explorer server control in the AIM client renders HTML content from IM messages without proper sanitization, enabling remote code execution. The root cause relates to inadequate handling of mshtml-based HTML/JS in mes...

6.8CVSS7.4AI score0.01899EPSS
cve
cve
added 2004/08/12 4:0 a.m.57 views

CVE-2004-0636

CVE-2004-0636 describes a buffer overflow in AOL Instant Messenger (AIM) 5.5’s goaway URI handler. The goaway function overflows when processing a long Away message, enabling a remote attacker to execute arbitrary code or cause a crash. Affected versions include AIM 5.5 and 5.5.3595. Connected so...

10CVSS7.6AI score0.66019EPSS
Web
cve
cve
added 2000/03/22 5:0 a.m.56 views

CVE-2000-0190

CVE-2000-0190 affects the AOL Instant Messenger (AIM) client. The vulnerability arises when processing a message containing a malformed ASCII value, which can cause a denial of service. The NVD metrics report a CVSSv2 base score of 5.0 (Medium) with network attack vector, low attack complexity, a...

5CVSS7AI score0.01317EPSS
cve
cve
added 2002/06/11 4:0 a.m.56 views

CVE-2002-0592

CVE-2002-0592 affects AOL Instant Messenger (AIM). The vulnerability allows remote attackers to steal files being transferred to other clients by connecting to AIM’s Direct Connection port 4443 or file transfer port 5190 before the intended user. The available sources describe this as a scheme to...

7.5CVSS7.1AI score0.01571EPSS
cve
cve
added 2007/06/27 12:0 a.m.56 views

CVE-2007-3437

CVE-2007-3437 affects AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP. It is a remote denial of service vulnerability triggered by a malformed SIP INVITE header value, causing the AIM application to crash. The vulnerability is described as distinct from CVE-2007-3350 (a separate SIP INVITE flo...

7.8CVSS6.6AI score0.01602EPSS
cve
cve
added 2000/06/15 4:0 a.m.55 views

CVE-2000-0383

CVE-2000-0383 concerns AOL Instant Messenger’s file transfer component disclosing the sender’s local file path to the recipient. The CERT/CC entry notes this as an exposure that could enable privacy/security inferences about the sender’s machine. The description in CVE records this behavior; vend...

5CVSS6.4AI score0.00992EPSS
cve
cve
added 2001/01/22 5:0 a.m.54 views

CVE-2000-1000

Summary: CVE-2000-1000 is a format-string vulnerability in AOL Instant Messenger (AIM) 4.1 and earlier. The issue arises when transferring a file whose name contains format specifiers, which can cause a denial of service and may allow arbitrary command execution. Root cause: format-string handlin...

5CVSS7.7AI score0.02209EPSS
cve
cve
added 2005/03/20 5:0 a.m.52 views

CVE-2001-1418

CVE-2001-1418 affects AOL Instant Messenger (AIM) 4.7, where remote attackers can trigger a denial of service by sending a malformed WAV file. The vulnerability is described with a MEDIUM base score (5.0) and a network attack vector with no authentication required; exploitation details are not pr...

5CVSS6.9AI score0.02202EPSS
cve
cve
added 2005/11/16 9:17 p.m.52 views

CVE-2002-2169

CVE-2002-2169 affects AOL Instant Messenger (AIM) 4.5 and 4.7 on MacOS and Windows. A crafted URL containing a META HTTP-EQUIV="refresh" tag to an aim: URL triggers cross-site scripting, enabling remote attackers to perform unauthorized actions such as adding buddies and groups to a user’s buddy ...

5CVSS6.7AI score0.0238EPSS
cve
cve
added 2005/08/16 4:0 a.m.52 views

CVE-2004-2373

Technical details beyond the public description are not provided in the supplied documents; monitor for updates for potential details on affected products, versions, root cause, and remediation.

7.5CVSS7.2AI score0.02721EPSS
cve
cve
added 2005/03/20 5:0 a.m.50 views

CVE-2001-1421

AOL Instant Messenger (AIM) versions up to 4.7 are affected. The vulnerability arises when processing a benign-looking input consisting of a large number of different fonts followed by an HTML HR tag, which can trigger a remote denial of service resulting in an application crash. The affected pro...

5CVSS6.9AI score0.02424EPSS
cve
cve
added 2002/03/09 5:0 a.m.50 views

CVE-2002-0005

CVE-2002-0005 describes a remote buffer overflow in AOL Instant Messenger (AIM) on Windows triggered by a crafted AddGame request, allowing arbitrary code execution. Vulnerable AIM Windows clients include versions 1.0–3.0.1415 and 4.3.2229+ (4.8.2616 cited); the issue involves parsing a long argu...

10CVSS7.9AI score0.15536EPSS
cve
cve
added 2005/06/28 4:0 a.m.50 views

CVE-2002-1813

Vulnerability (CVE-2002-1813) : AOL Instant Messenger (AIM) 4.8.2790 is affected by a directory traversal flaw that allows remote attackers to cause arbitrary program execution by placing the target program in the href attribute of a link. The root cause is insufficient validation of the href in ...

2.6CVSS7.7AI score0.06865EPSS
cve
cve
added 2005/03/20 5:0 a.m.49 views

CVE-2001-1416

The CVE-2001-1416 entry concerns multiple cross-site scripting (XSS) vulnerabilities in the log messages of certain Alpha versions of AOL Instant Messenger (AIM) 4.4. The vulnerability allows remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) ...

5.1CVSS6.3AI score0.01605EPSS
cve
cve
added 2002/06/11 4:0 a.m.49 views

CVE-2002-0591

CVE-2002-0591 refers to a directory-traversal vulnerability in AOL Instant Messenger (AIM) up to and including version 4.8 beta and earlier . The flaw allows a remote attacker to create arbitrary files and execute commands via a Direct Connection using an IMG tag with a SRC attribute that specifi...

5CVSS7.6AI score0.11634EPSS
cve
cve
added 2007/06/22 6:0 p.m.48 views

CVE-2007-3350

CVE-2007-3350 affects AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP. The vulnerability allows remote attackers to cause a denial of service (application hang) by sending a flood of spoofed SIP INVITE requests. The public records note the issue as a DoS vector in SIP INVITE handling, with no ...

7.8CVSS6.5AI score0.01619EPSS
cve
cve
added 2000/12/19 5:0 a.m.47 views

CVE-2000-1093

AOL Instant Messenger contains buffer overflow vulnerabilities in the AIM URI handler and command-line/URI parsing that can be triggered by a long goim/aim request, allowing remote execution of arbitrary commands on affected clients. The issue affects AIM before 4.3.2229; exploitation can crash t...

7.5CVSS7.8AI score0.08057EPSS
cve
cve
added 2007/09/14 6:0 p.m.47 views

CVE-2007-4901

Affected software: AOL Instant Messenger (AIM) family on Windows (AIM 6.1.41.2, 6.2.32.1; AIM Pro; AIM Lite). Component/causal issue: embedded Internet Explorer server control (mshtml.dll) used to render HTML in instant messages, with insufficient input sanitization of inbound HTML content. Impac...

5.8CVSS6.8AI score0.02785EPSS
Web
cve
cve
added 2005/03/13 5:0 a.m.45 views

CVE-2002-1591

AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to Internet Explorer’s Trusted Sites Zone without user approval, potentially allowing code from that domain to bypass access restrictions. The connected documents provide AIM as the affected product and indicate the root cause is improper Tru...

7.5CVSS7.1AI score0.01682EPSS
cve
cve
added 2005/05/18 4:0 a.m.45 views

CVE-2005-1655

AOL Instant Messenger (AIM) 5.5.x and earlier is affected. The vulnerability arises when the client handles a font tag with an invalid smiley icon location in the sml parameter, allowing a remote attacker to cause a denial of service (client crash). The affected component is the AIM client’s pars...

5CVSS6.6AI score0.02414EPSS
cve
cve
added 2004/09/01 4:0 a.m.44 views

CVE-2002-0362

CVE-2002-0362: A buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote code execution via a long AddExternalApp request using a TLV type greater than 0x2711. Vulnerable component: AIM client input handling for AddExternalApp TLV. Exploit scenario: remote attacker sends crafte...

7.5CVSS8.3AI score0.03766EPSS
cve
cve
added 2003/04/02 5:0 a.m.43 views

CVE-2002-0785

AOL Instant Messenger (AIM) is affected by CVE-2002-0785: remote attackers can cause a crash (DoS) by sending an AddBuddy link where the ScreenName parameter contains a very long list of comma-separated values, potentially triggering a buffer overflow. This description reflects the vulnerability ...

5CVSS7.3AI score0.03742EPSS
cve
cve
added 2007/10/25 7:0 p.m.43 views

CVE-2003-1503

Affected software: AOL Instant Messenger (AIM) 5.2.3292. Vulnerability: Buffer overflow in handling an aim:getfile URL with a long screen name. Impact: Allows remote attackers to execute arbitrary code. Root cause: Buffer overflow in AIM’s URL handling/ascii processing (per available reports). Re...

10CVSS8.3AI score0.04619EPSS
cve
cve
added 2005/06/28 4:0 a.m.42 views

CVE-2002-1953

The CVE-2002-1953 issue affects AOL Instant Messenger (AIM) versions 4.4–4.8.2616, specifically the goim handler. It is a heap-based buffer overflow triggered by escaping the screen name parameter when a user selects Get Info on a buddy, leading to a denial of service (crash). Public exploit deta...

5CVSS7.5AI score0.01866EPSS
cve
cve
added 2006/02/10 11:0 a.m.42 views

CVE-2006-0629

CVE-2006-0629 affects AOL Instant Messenger (AIM) 5.9.3861. An attacker can trigger a buffer overflow by causing a user to request Buddy Info for a long screen name, potentially crashing the client and possibly enabling arbitrary code execution. No fix/version details are provided in the supplied...

5.1CVSS7.9AI score0.02724EPSS