AOL Instant Messenger File Transfer Path Disclosure

Medium Nessus Network Monitor Plugin ID 1255

Synopsis

The remote client may reveal file path information

Description

The remote host is running AOL Instant Messenger (AIM). Version 4.0 of AIM reveals the full pathname of transferred files. This information could be used to leverage further attacks against the client's machine.

Solution

Upgrade to the latest version of AOL Instant Messenger.

Plugin Details

Severity: Medium

ID: 1255

File Name: 1255.prm

Published: 2004/08/20

Modified: 2016/02/05

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

CVSSv3

Base Score: 3.6

Temporal Score: 3.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:aol:aim

Reference Information

CVE: CVE-2000-0383

BID: 1180

OSVDB: 9532