Aol

Instant Messenger

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2007-5124

  • EPSS 1.27%
  • Veröffentlicht 27.09.2007 19:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags...

5.8

CVE-2007-4901

  • EPSS 1.99%
  • Veröffentlicht 14.09.2007 18:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allow...

7.8

CVE-2007-3437

  • EPSS 0.67%
  • Veröffentlicht 27.06.2007 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.

7.8

CVE-2007-3350

  • EPSS 0.66%
  • Veröffentlicht 22.06.2007 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests.

4.3

CVE-2007-1904

  • EPSS 1.18%
  • Veröffentlicht 10.04.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operat...

5.1

CVE-2006-0629

  • EPSS 1.73%
  • Veröffentlicht 10.02.2006 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long scree...

5

CVE-2005-1655

Exploit
  • EPSS 3.39%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.

5

CVE-2001-1420

Exploit
  • EPSS 1.52%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow.

7.5

CVE-2004-2373

Exploit
  • EPSS 3.06%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

10

CVE-2004-0636

  • EPSS 78.52%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.