The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.
2004-12-31T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | aol | instant_messenger | 4.3 | Yes |
| Application | aol | instant_messenger | 4.3.2229 | Yes |
| Application | aol | instant_messenger | 4.4 | Yes |
| Application | aol | instant_messenger | 4.5 | Yes |
| Application | aol | instant_messenger | 4.6 | Yes |
| Application | aol | instant_messenger | 4.7 | Yes |
| Application | aol | instant_messenger | 4.7.2480 | Yes |
| Application | aol | instant_messenger | 4.8.2616 | Yes |
| Application | aol | instant_messenger | 4.8.2646 | Yes |
| Application | aol | instant_messenger | 4.8.2790 | Yes |
| Application | aol | instant_messenger | 5.0.2938 | Yes |
| Application | aol | instant_messenger | 5.1.3036 | Yes |
| Application | aol | instant_messenger | 5.2.3292 | Yes |
| Application | aol | instant_messenger | 5.5 | Yes |
| Application | aol | instant_messenger | 5.5.3415_beta | Yes |