Vulnerability Description
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aol | Instant Messenger | 4.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/8870.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4526ExploitVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/8870.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4526ExploitVendor Advisory
FAQ
What is CVE-2002-0591?
CVE-2002-0591 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag wit...
How severe is CVE-2002-0591?
CVE-2002-0591 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0591?
Check the references section above for vendor advisories and patch information. Affected products include: Aol Instant Messenger.