Back to search
CVE-2007-3833
Published: Jul 17, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-2546
vdb-entry
x_refsource_VUPEN
26086
third-party-advisory
x_refsource_SECUNIA
http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html
x_refsource_MISC
24927
vdb-entry
x_refsource_BID
trillian-aim-file-create(35449)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now