CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5124

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.4%

CVSS Severity

CVSS v2 Score 6.8

References

http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
http://www.securityfocus.com/archive/1/480647/100/0/threaded
http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
http://www.securityfocus.com/archive/1/480647/100/0/threaded

Products affected by CVE-2007-5124

Aol » Instant Messenger » Version: Any

cpe:2.3:a:aol:instant_messenger:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5124

Products

Pricing

Contact Us