Synopsis
An attacker can silently download files to the remote AOL Client
Description
The remote host is running AOL Instant Messenger (AIM). A vulnerability has been discovered in AIM that could allow an attacker to force a user to download an attacker supplied file. If a vulnerable user has an option enabled that allows users to download files without a prompt, it may be possible to force the user to download a file. The file will be transferred without prompting the target user for authorization.
Solution
Disable the option which ignores file transfer prompts.
Plugin Details
Risk Information
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X
Vulnerability Information
CPE: cpe:/a:aol:aim
Reference Information
BID: 6259