Vulnerability CVE-2007-4901


Published: 2007-09-14   Modified: 2012-02-12

Description:
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.

See advisories in our WLB2 database:
Topic
Author
Date
Low
AIM Arbitrary HTML Display in Notification Window
shell
17.09.2007

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
AOL -> Aim lite 
AOL -> Aim pro 
AOL -> Instant messenger 

 References:
http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
http://securityreason.com/securityalert/3136
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924
http://www.securityfocus.com/archive/1/479199/100/0/threaded
http://www.securityfocus.com/archive/1/479435/100/0/threaded
http://www.securityfocus.com/archive/1/480587/100/0/threaded
http://www.securityfocus.com/archive/1/480647/100/0/threaded
http://www.securityfocus.com/bid/25659

Copyright 2022, cxsecurity.com

 

Back to Top