PT-2007-6220 · Aol+1 · Aol Instant Messenger+1

Published: 2007-09-27 · Updated: 2018-10-15 · CVE-2007-5124

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AOL Instant Messenger (AIM) versions 6.5.3.12 and earlier

Description

The issue allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message. This is related to AIM's filtering of specific tags and attributes and the lack of Local Machine Zone lockdown.

Recommendations

For AOL Instant Messenger (AIM) versions 6.5.3.12 and earlier, consider disabling the embedded Internet Explorer server control as a temporary workaround until a patch is available. Restrict the use of instant messaging features that may process web scripts or HTML to minimize the risk of exploitation.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2007-5124

Affected Products

Aol Instant Messenger
Internet Explorer