Vulnerability Description
The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aol | Instant Messenger | 4.3 |
References
- http://www.securityfocus.com/archive/1/354448Vendor Advisory
- http://www.securityfocus.com/bid/9698Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15310
- http://www.securityfocus.com/archive/1/354448Vendor Advisory
- http://www.securityfocus.com/bid/9698Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15310
FAQ
What is CVE-2004-2373?
CVE-2004-2373 is a vulnerability with a CVSS score of 7.5 (HIGH). The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that inv...
How severe is CVE-2004-2373?
CVE-2004-2373 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2373?
Check the references section above for vendor advisories and patch information. Affected products include: Aol Instant Messenger.