icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

AOL Instant Messenger <= 6.1.41.2 Control Notification Window Script Injection

Medium

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote client is running AOL Instant Messenger. This version of AIM is vulnerable to a flaw where script code can be injected and executed by a malicious user. To exploit this flaw, an attacker would only need to be able to send a message to an unsuspecting user. Successful exploitation would result in the attacker executing arbitrary script code.

Solution

Upgrade to a version higher than 6.1.41.2.