Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

AOL Instant Messenger <= 6.1.41.2 Control Notification Window Script Injection

Medium

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote client is running AOL Instant Messenger. This version of AIM is vulnerable to a flaw where script code can be injected and executed by a malicious user. To exploit this flaw, an attacker would only need to be able to send a message to an unsuspecting user. Successful exploitation would result in the attacker executing arbitrary script code.

Solution

Upgrade to a version higher than 6.1.41.2.