CVE-2001-1420

AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow.

CVE-1999-0486

Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash.

CVE-2001-1417

AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.

CVE-2000-0190

AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value.

CVE-2000-0383

The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.

CVE-2000-1000

Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.

CVE-2001-1416

Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.

CVE-2001-1418

AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.

CVE-2002-2169

Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.

CVE-2001-1421

AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.

CVE-2001-1419

AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "

CVE-2002-0591

Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.

CVE-2007-4901

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected ...

CVE-2002-0785

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

CVE-2005-1655

AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.

CVE-2006-0629

Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow.

CVE-2002-1953

Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.