AOL Instant Messenger <= 188.8.131.52 Control Notification Window Script Injection
Medium Nessus Network Monitor Plugin ID 4215
SynopsisThe remote host is vulnerable to a script injection attack.
DescriptionThe remote client is running AOL Instant Messenger.
This version of AIM is vulnerable to a flaw where script code can be injected and executed by a malicious user. To exploit this flaw, an attacker would only need to be able to send a message to an unsuspecting user. Successful exploitation would result in the attacker executing arbitrary script code.
SolutionUpgrade to a version higher than 184.108.40.206.