AOL Instant Messenger Arbitrary File Forced Download
High Nessus Network Monitor Plugin ID 1244
SynopsisAn attacker can silently download files to the remote AOL Client
DescriptionThe remote host is running AOL Instant Messenger (AIM). A vulnerability has been discovered in AIM that could allow an attacker to force a user to download an attacker supplied file. If a vulnerable user has an option enabled that allows users to download files without a prompt, it may be possible to force the user to download a file. The file will be transferred without prompting the target user for authorization.
SolutionDisable the option which ignores file transfer prompts.