30 matches found
CVE-2001-1420
CVE-2001-1420 affects AOL Instant Messenger (AIM) 4.7. The vulnerability is a denial of service caused by processing a long filename, likely due to a buffer overflow in the file/name handling path, which can crash the application when a crafted filename is encountered. The exposed impact is a loc...
CVE-1999-0486
CVE-1999-0486 affects AOL Instant Messenger. A remote attacker sending a malicious hyperlink to a receiving client can trigger a denial of service, potentially crashing the system. Multiple connected sources (Red Hat advisory, CVE lists, NVD/NIST entry) corroborate the basic impact and vector as ...
CVE-2001-1417
CVE-2001-1417 affects AOL Instant Messenger (AIM) 4.7. An attacker can trigger a denial of service by sending a buddy icon GIF where the length/width values exceed the actual image data, causing the application to hang or crash. The available sources (NVD/CVE records) describe the impact as a DoS...
CVE-2007-1904
CVE-2007-1904 describes a directory-traversal vulnerability in AOL Instant Messenger (AIM) ≤ 5.9 and ICQ ≤ 5.1 (likely earlier) that allows user-assisted remote attackers to write files to arbitrary locations by supplying a filename containing .. in a file transfer operation. The core issue is im...
CVE-2001-1419
The CVE-2001-1419 entry concerns AOL Instant Messenger (AIM) versions 4.7.2480 and earlier. The vulnerability arises when processing an instant message containing a large amount of HTML comments "
CVE-2007-5124
CVE-2007-5124 concerns AOL AIM 6.5.3.12 and earlier, where an embedded Internet Explorer server control in the AIM client renders HTML content from IM messages without proper sanitization, enabling remote code execution. The root cause relates to inadequate handling of mshtml-based HTML/JS in mes...
CVE-2004-0636
CVE-2004-0636 describes a buffer overflow in AOL Instant Messenger (AIM) 5.5’s goaway URI handler. The goaway function overflows when processing a long Away message, enabling a remote attacker to execute arbitrary code or cause a crash. Affected versions include AIM 5.5 and 5.5.3595. Connected so...
CVE-2000-0190
CVE-2000-0190 affects the AOL Instant Messenger (AIM) client. The vulnerability arises when processing a message containing a malformed ASCII value, which can cause a denial of service. The NVD metrics report a CVSSv2 base score of 5.0 (Medium) with network attack vector, low attack complexity, a...
CVE-2002-0592
CVE-2002-0592 affects AOL Instant Messenger (AIM). The vulnerability allows remote attackers to steal files being transferred to other clients by connecting to AIM’s Direct Connection port 4443 or file transfer port 5190 before the intended user. The available sources describe this as a scheme to...
CVE-2007-3437
CVE-2007-3437 affects AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP. It is a remote denial of service vulnerability triggered by a malformed SIP INVITE header value, causing the AIM application to crash. The vulnerability is described as distinct from CVE-2007-3350 (a separate SIP INVITE flo...
CVE-2000-0383
CVE-2000-0383 concerns AOL Instant Messenger’s file transfer component disclosing the sender’s local file path to the recipient. The CERT/CC entry notes this as an exposure that could enable privacy/security inferences about the sender’s machine. The description in CVE records this behavior; vend...
CVE-2000-1000
Summary: CVE-2000-1000 is a format-string vulnerability in AOL Instant Messenger (AIM) 4.1 and earlier. The issue arises when transferring a file whose name contains format specifiers, which can cause a denial of service and may allow arbitrary command execution. Root cause: format-string handlin...
CVE-2001-1418
CVE-2001-1418 affects AOL Instant Messenger (AIM) 4.7, where remote attackers can trigger a denial of service by sending a malformed WAV file. The vulnerability is described with a MEDIUM base score (5.0) and a network attack vector with no authentication required; exploitation details are not pr...
CVE-2002-2169
CVE-2002-2169 affects AOL Instant Messenger (AIM) 4.5 and 4.7 on MacOS and Windows. A crafted URL containing a META HTTP-EQUIV="refresh" tag to an aim: URL triggers cross-site scripting, enabling remote attackers to perform unauthorized actions such as adding buddies and groups to a user’s buddy ...
CVE-2004-2373
Technical details beyond the public description are not provided in the supplied documents; monitor for updates for potential details on affected products, versions, root cause, and remediation.
CVE-2001-1421
AOL Instant Messenger (AIM) versions up to 4.7 are affected. The vulnerability arises when processing a benign-looking input consisting of a large number of different fonts followed by an HTML HR tag, which can trigger a remote denial of service resulting in an application crash. The affected pro...
CVE-2002-0005
CVE-2002-0005 describes a remote buffer overflow in AOL Instant Messenger (AIM) on Windows triggered by a crafted AddGame request, allowing arbitrary code execution. Vulnerable AIM Windows clients include versions 1.0–3.0.1415 and 4.3.2229+ (4.8.2616 cited); the issue involves parsing a long argu...
CVE-2002-1813
Vulnerability (CVE-2002-1813) : AOL Instant Messenger (AIM) 4.8.2790 is affected by a directory traversal flaw that allows remote attackers to cause arbitrary program execution by placing the target program in the href attribute of a link. The root cause is insufficient validation of the href in ...
CVE-2001-1416
The CVE-2001-1416 entry concerns multiple cross-site scripting (XSS) vulnerabilities in the log messages of certain Alpha versions of AOL Instant Messenger (AIM) 4.4. The vulnerability allows remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) ...
CVE-2002-0591
CVE-2002-0591 refers to a directory-traversal vulnerability in AOL Instant Messenger (AIM) up to and including version 4.8 beta and earlier . The flaw allows a remote attacker to create arbitrary files and execute commands via a Direct Connection using an IMG tag with a SRC attribute that specifi...
CVE-2007-3350
CVE-2007-3350 affects AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP. The vulnerability allows remote attackers to cause a denial of service (application hang) by sending a flood of spoofed SIP INVITE requests. The public records note the issue as a DoS vector in SIP INVITE handling, with no ...
CVE-2000-1093
AOL Instant Messenger contains buffer overflow vulnerabilities in the AIM URI handler and command-line/URI parsing that can be triggered by a long goim/aim request, allowing remote execution of arbitrary commands on affected clients. The issue affects AIM before 4.3.2229; exploitation can crash t...
CVE-2007-4901
Affected software: AOL Instant Messenger (AIM) family on Windows (AIM 6.1.41.2, 6.2.32.1; AIM Pro; AIM Lite). Component/causal issue: embedded Internet Explorer server control (mshtml.dll) used to render HTML in instant messages, with insufficient input sanitization of inbound HTML content. Impac...
CVE-2002-1591
AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to Internet Explorer’s Trusted Sites Zone without user approval, potentially allowing code from that domain to bypass access restrictions. The connected documents provide AIM as the affected product and indicate the root cause is improper Tru...
CVE-2005-1655
AOL Instant Messenger (AIM) 5.5.x and earlier is affected. The vulnerability arises when the client handles a font tag with an invalid smiley icon location in the sml parameter, allowing a remote attacker to cause a denial of service (client crash). The affected component is the AIM client’s pars...
CVE-2002-0362
CVE-2002-0362: A buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote code execution via a long AddExternalApp request using a TLV type greater than 0x2711. Vulnerable component: AIM client input handling for AddExternalApp TLV. Exploit scenario: remote attacker sends crafte...
CVE-2002-0785
AOL Instant Messenger (AIM) is affected by CVE-2002-0785: remote attackers can cause a crash (DoS) by sending an AddBuddy link where the ScreenName parameter contains a very long list of comma-separated values, potentially triggering a buffer overflow. This description reflects the vulnerability ...
CVE-2003-1503
Affected software: AOL Instant Messenger (AIM) 5.2.3292. Vulnerability: Buffer overflow in handling an aim:getfile URL with a long screen name. Impact: Allows remote attackers to execute arbitrary code. Root cause: Buffer overflow in AIM’s URL handling/ascii processing (per available reports). Re...
CVE-2002-1953
The CVE-2002-1953 issue affects AOL Instant Messenger (AIM) versions 4.4–4.8.2616, specifically the goim handler. It is a heap-based buffer overflow triggered by escaping the screen name parameter when a user selects Get Info on a buddy, leading to a denial of service (crash). Public exploit deta...
CVE-2006-0629
CVE-2006-0629 affects AOL Instant Messenger (AIM) 5.9.3861. An attacker can trigger a buffer overflow by causing a user to request Buddy Info for a long screen name, potentially crashing the client and possibly enabling arbitrary code execution. No fix/version details are provided in the supplied...