AOL Instant Messenger - Directory Traversal and Arbitrary File Write via IMG Tag SRC Attribute
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.