|
AOL Instant Messenger Predictable File Location Weakness
|
|
Secunia Advisory:
|
SA10930
|
|
|
Release Date:
|
2004-02-20
|
|
Popularity:
|
11,526 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | AOL Instant Messenger (AIM) 5.x
AOL Instant Messenger 4.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Michael Evanchik has reported a weakness in AOL Instant Messenger, which potentially can be exploited in combination with known browser vulnerabilities and functionality to compromise users' systems.
The problem is that AOL Instant Messenger reportedly creates buddy icons in predictable locations in which arbitrary script code can be placed.
This can be used to place malicious content in a predictable file on a user's system. Combined with certain known browser vulnerabilities and functionality, which allows arbitrary files on a user's system to be read, this may allow execution of script code in context of the "My Computer" security zone.
The weakness has been reported in versions 4.3 through 5.5. Other versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
