CVE-2007-5124
N/A
N/A
Summary
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
- http://www.securityfocus.com/archive/1/480647/100/0/threaded
References
- http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
- http://www.securityfocus.com/archive/1/480647/100/0/threaded
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.