Vulnerabilities > CVE-2007-1904 - Directory Traversal vulnerability in AOL ICQ and Instant Messenger
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE network
aol
Summary
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508
- http://secunia.com/advisories/24747
- http://secunia.com/advisories/24803
- http://www.securityfocus.com/bid/23391
- http://www.securitytracker.com/id?1017890
- http://www.securitytracker.com/id?1017891
- http://www.vupen.com/english/advisories/2007/1306
- http://www.vupen.com/english/advisories/2007/1307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33538