PT-2002-2882 · Aol · Aol Instant Messenger
Published
2002-12-31
·
Updated
2008-09-05
·
CVE-2002-2169
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
AOL Instant Messenger (AIM) versions 4.5 through 4.7
Description:
The issue allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an
aim: URL.Recommendations:
For AOL Instant Messenger (AIM) versions 4.5 through 4.7, consider disabling the handling of
aim: URLs until a patch is available. Restrict access to adding buddies and groups to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aol Instant Messenger