5.8

CVE-2007-4901

EPSS 1.99%
Veröffentlicht 14.09.2007 18:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aol ≫ Aim Lite

Aol ≫ Aim Pro

Aol ≫ Instant Messenger Version6.2.32.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.99%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx

http://secunia.com/advisories/26786

http://securityreason.com/securityalert/3136

http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924

http://www.securityfocus.com/archive/1/479199/100/0/threaded

http://www.securityfocus.com/archive/1/479435/100/0/threaded

http://www.securityfocus.com/archive/1/480587/100/0/threaded

http://www.securityfocus.com/archive/1/480647/100/0/threaded

http://www.securityfocus.com/bid/25659

https://nvd.nist.gov/vuln/detail/CVE-2007-4901

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4901

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4901

EUVD