Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

AOL Instant Messenger Arbitrary File Forced Download



An attacker can silently download files to the remote AOL Client


The remote host is running AOL Instant Messenger (AIM). A vulnerability has been discovered in AIM that could allow an attacker to force a user to download an attacker supplied file. If a vulnerable user has an option enabled that allows users to download files without a prompt, it may be possible to force the user to download a file. The file will be transferred without prompting the target user for authorization.


Disable the option which ignores file transfer prompts.