AOL Instant Messenger Arbitrary File Forced Download

Nessus Network Monitor Plugin ID 1244 (severity: High)


An attacker can silently download files to the remote AOL Client


The remote host is running AOL Instant Messenger (AIM). A vulnerability has been discovered in AIM that could allow an attacker to force a user to download an attacker-supplied file. If a vulnerable user has enabled the option that allows files to be downloaded without a prompt, it may be possible to force the user to download a file; the file will be transferred without prompting the target user for authorization.


Disable the option that ignores file transfer prompts.

Plugin Details

Severity: High

ID: 1244

Published: 2004/08/20

Modified: 2018/09/16

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 7.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:W/RC:ND


Base Score: 8.1

Temporal Score: 7.9


Temporal Vector: CVSS3#E:H/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:aol:aim

Reference Information

BID: 6259