The remote AOL Client may be coerced into running arbitrary HTML code
The remote host is running AOL Instant Messenger (AIM). AIM is prone to an issue that may allow maliciously crafted HTML to perform unauthorized actions (such as adding entries to the buddy list) on behalf of the user of a vulnerable client. This condition is due to how the client handles aim: URIs. These actions will be taken without prompting or notifying the user. This issue was reported for versions of AIM running on Microsoft Windows and MacOS. The Linux version of this client is not affected.
Upgrade to the latest version of AOL Instant Messenger.