AOL Instant Messenger File Transfer Path Disclosure

low Nessus Network Monitor Plugin ID 1255

Synopsis

The remote client may reveal file path information

Description

The remote host is running AOL Instant Messenger (AIM). Version 4.0 of AIM reveals the full pathname of transferred files. This information could be used to leverage further attacks against the client's machine.

Solution

Upgrade to the latest version of AOL Instant Messenger.

Plugin Details

Severity: Low

ID: 1255

Family: Internet Messengers

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:aol:aim

Reference Information

CVE: CVE-2000-0383

BID: 1180

Detections

Analytics