CVE-2007-1904

Name of the Vulnerable Software and Affected Versions: AOL Instant Messenger (AIM) versions 5.9 and earlier ICQ versions 5.1 and earlier

Description: A directory traversal issue allows remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. This can be exploited when a user assists the attacker, for example, by accepting a malicious file transfer.

Recommendations: For AOL Instant Messenger (AIM) versions 5.9 and earlier, update to a version later than 5.9 to resolve the issue. For ICQ versions 5.1 and earlier, update to a version later than 5.1 to resolve the issue.