PT-2007-6220 · Aol+1 · Aol Instant Messenger+1

Published: 2007-09-27 · Updated: 2018-10-15 · CVE-2007-5124

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AOL Instant Messenger (AIM) versions 6.5.3.12 and earlier

Description

The issue allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message. This is related to AIM's filtering of specific tags and attributes and the lack of Local Machine Zone lockdown.

Recommendations

For AOL Instant Messenger (AIM) versions 6.5.3.12 and earlier, consider disabling the embedded Internet Explorer server control as a temporary workaround until a patch is available. Restrict the use of instant messaging features that may process web scripts or HTML to minimize the risk of exploitation.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-5124

Affected Products

Aol Instant Messenger
Internet Explorer