
CVSS: 4.3 • EPSS: 0% • CPEs: 32 • EXPL: 0

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
• http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
• http://secunia.com/advisories/40220
• http://securitytracker.com/id?1024103
• http://support.apple.com/kb/HT4188
• http://www.securityfocus.com/bid/40871
• http://www.vupen.com/english/advisories/2010/1481
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.
• http://marc.info/?l=bugtraq&m=111816939928640&w=2
• http://marc.info/?l=bugtraq&m=111817881214343&w=2
• http://securitytracker.com/id?1014145
• http://www.securityfocus.com/bid/13880
• CWE-191: Integer Underflow (Wrap or Wraparound)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
• https://www.exploit-db.com/exploits/20511
• http://marc.info/?l=bugtraq&m=97668265628917&w=2
• http://marc.info/?l=bugtraq&m=97683774417132&w=2
• http://www.atstake.com/research/advisories/2000/a121200-1.txt
• http://www.osvdb.org/1692
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')