A vulnerability has been discovered in AOL Instant Messenger, which can be exploited by malicious people to execute arbitrary script code.
Input passed to the AIM client via an IM message is not properly sanitised before being displayed to the user in e.g. a message window or Notification window. This can be exploited to e.g. execute arbitrary script code in the Local Zone (My Computer) context by sending a specially crafted IM message to another user.
NOTE: The Notification window vector only allows for a limited amount of script code to be executed.
The vulnerability is reported in versions 18.104.22.168, 22.214.171.124, AIM Pro, and AIM Lite, and is confirmed in version 126.96.36.199 for the Notification window vector. Other versions may also be affected.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org