CVE-2002-0591

Name of the Vulnerable Software and Affected Versions AOL Instant Messenger (AIM) versions 4.8 beta and earlier

Description A directory traversal issue allows remote attackers to create arbitrary files and execute commands. This is achieved through a Direct Connection with an IMG tag that has a SRC attribute specifying the target filename.

Recommendations For versions 4.8 beta and earlier, consider disabling the Direct Connection feature to minimize the risk of exploitation until a patch is available. Restrict the ability to create arbitrary files and execute commands through the IMG tag with a SRC attribute.