CVE-2002-2169

Name of the Vulnerable Software and Affected Versions: AOL Instant Messenger (AIM) versions 4.5 through 4.7

Description: The issue allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.

Recommendations: For AOL Instant Messenger (AIM) versions 4.5 through 4.7, consider disabling the handling of aim: URLs until a patch is available. Restrict access to adding buddies and groups to minimize the risk of exploitation.