CVE-2002-0591

AOL Instant Messenger - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Noah Johnson · htmlremotewindows
https://www.exploit-db.com/exploits/21386

References (3)

Scores

EPSS 0.1108
EPSS Percentile 93.5%

Details

Status published
Products (9)
aol/instant_messenger 4.0
aol/instant_messenger 4.1
aol/instant_messenger 4.2
aol/instant_messenger 4.3
aol/instant_messenger 4.4
aol/instant_messenger 4.5
aol/instant_messenger 4.6
aol/instant_messenger 4.7
aol/instant_messenger 4.8_beta
Published Jun 18, 2002
Tracked Since Feb 18, 2026