QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5124

Published: Sep 27, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx

x_refsource_MISC

20070925 RE: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.