CVE-2007-4901

Published: 14/09/2007 | Updated: 15/10/2018
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote malicious users to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.

Vulnerable Product

aol aim pro

aol instant messenger 6.2.32.1

aol aim lite

Exploits

Core Security Technologies Advisory - Remote command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software. Versions 6.1, 6.2, Pro, and Lite are affected ...