CVE-2007-4901
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0
Exploited in Wild
-
Decision
Descriptions
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2007-09-14 CVE Reserved
- 2007-09-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx | X_refsource_misc | |
http://secunia.com/advisories/26786 | Third Party Advisory | |
http://securityreason.com/securityalert/3136 | Third Party Advisory | |
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924 | X_refsource_misc | |
http://www.securityfocus.com/archive/1/479199/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/479435/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/480587/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/480647/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/25659 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Aol | Aim Lite | * | - | Affected |
Aol | Aim Pro | * | - | Affected |
Aol | Instant Messenger | 6.2.32.1 | - | Affected |