CVE-2004-2373

AOL Instant Messenger <5.5 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2373. PoCs published by Michael Evanchik.

AI-analyzed exploit summary This exploit leverages a predictable file location vulnerability in AOL Instant Messenger to overwrite a shortcut file, leading to arbitrary code execution via an HTA file hosted on a remote server. The script uses ActiveX to modify the shortcut and execute it.

Description

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michael Evanchik · textremotewindows
https://www.exploit-db.com/exploits/23730

This exploit leverages a predictable file location vulnerability in AOL Instant Messenger to overwrite a shortcut file, leading to arbitrary code execution via an HTA file hosted on a remote server. The script uses ActiveX to modify the shortcut and execute it.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: AOL Instant Messenger versions 4.3 to 5.5
No auth needed
Prerequisites: Victim must execute the script in a context where ActiveX is enabled (e.g., Internet Explorer) · Attacker must host an HTA file on a controlled server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/354448
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9698
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15310

Scores

EPSS 0.0272
EPSS Percentile 84.3%

Details

Status published
Products (15)
aol/instant_messenger 4.3
aol/instant_messenger 4.3.2229
aol/instant_messenger 4.4
aol/instant_messenger 4.5
aol/instant_messenger 4.6
aol/instant_messenger 4.7
aol/instant_messenger 4.7.2480
aol/instant_messenger 4.8.2616
aol/instant_messenger 4.8.2646
aol/instant_messenger 4.8.2790
... and 5 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026