Description
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
Affected products
- AOL / instant_messenger4.0 – 4.0
- AOL / instant_messenger4.1 – 4.1
- AOL / instant_messenger4.2 – 4.2
- AOL / instant_messenger4.3 – 4.3
- AOL / instant_messenger4.4 – 4.4
- AOL / instant_messenger4.5 – 4.5
- AOL / instant_messenger4.6 – 4.6
- AOL / instant_messenger4.7 – 4.7
- AOL / instant_messenger4.8_beta – 4.8_beta