PT-2001-2510 · Aol · Aol Instant Messenger

Published

2001-01-18

Updated

2008-09-05

CVE-2001-1416

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AOL Instant Messenger (AIM) version 4.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in log messages within certain Alpha versions of the software. These vulnerabilities allow remote attackers to execute arbitrary web script or HTML via images in the DATA, STYLE, or BINARY tags.

Recommendations For AOL Instant Messenger (AIM) version 4.4, update to a version that addresses these XSS vulnerabilities to prevent remote attackers from executing arbitrary web scripts.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1416

Affected Products

Aol Instant Messenger

PT-2001-2510 · Aol · Aol Instant Messenger

CVE-2001-1416

Related Identifiers

Affected Products

References · 4