Vulnerability Details CVE-2002-0591
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.097
EPSS Ranking 92.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.html
- http://www.iss.net/security_center/static/8870.php
- http://www.securityfocus.com/bid/4526
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.html
- http://www.iss.net/security_center/static/8870.php
- http://www.securityfocus.com/bid/4526
Products affected by CVE-2002-0591
-
cpe:2.3:a:aol:instant_messenger:4.0
-
cpe:2.3:a:aol:instant_messenger:4.1
-
cpe:2.3:a:aol:instant_messenger:4.2
-
cpe:2.3:a:aol:instant_messenger:4.3
-
cpe:2.3:a:aol:instant_messenger:4.4
-
cpe:2.3:a:aol:instant_messenger:4.5
-
cpe:2.3:a:aol:instant_messenger:4.6
-
cpe:2.3:a:aol:instant_messenger:4.7
-
cpe:2.3:a:aol:instant_messenger:4.8_beta