AOL Instant Messenger Active File Transfer Hijacking

Medium Nessus Network Monitor Plugin ID 1250

Synopsis

The remote client passes network data in an insecure manner

Description

The remote host is running AOL Instant Messenger (AIM). In certain versions of AIM it is possible for a remote attacker to intercept data sent by the AIM client.

Solution

Upgrade to the latest version of AOL Instant Messenger.

Plugin Details

Severity: Medium

ID: 1250

File Name: 1250.prm

Published: 2004/08/20

Modified: 2016/01/21

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:W/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:aol:aim

Reference Information

CVE: CVE-2002-0592

BID: 4574

OSVDB: 9536