// For flags

CVE-2007-4901

 

Severity Score

5.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.

El control de servidor de Internet Explorer integrado en AOL Instant Messenger (AIM) versiones 6.1.41.2 y 6.2.32.1, AIM Pro y AIM Lite, no restringe apropiadamente el uso del script web y la funcionalidad HTML de la biblioteca mshtml.dll para mensajes instantáneos entrantes, que permite a atacantes remotos colocar HTML en contextos inesperados o ejecutar código arbitrario, como es demostrado al escribir HTML arbitrario en una ventana de notificación, y al escribir contenido de archivos de imagen local arbitrarios en esta ventana por medio de IMG SRC.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-14 CVE Reserved
  • 2007-09-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Aol
Search vendor "Aol"
Aim Lite
Search vendor "Aol" for product "Aim Lite"
*-
Affected
Aol
Search vendor "Aol"
Aim Pro
Search vendor "Aol" for product "Aim Pro"
*-
Affected
Aol
Search vendor "Aol"
Instant Messenger
Search vendor "Aol" for product "Instant Messenger"
6.2.32.1
Search vendor "Aol" for product "Instant Messenger" and version "6.2.32.1"
-
Affected