Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2373. PoCs published by Michael Evanchik.
AI-analyzed exploit summary This exploit leverages a predictable file location vulnerability in AOL Instant Messenger to overwrite a shortcut file, leading to arbitrary code execution via an HTA file hosted on a remote server. The script uses ActiveX to modify the shortcut and execute it.
Description
The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.
Exploits (1)
This exploit leverages a predictable file location vulnerability in AOL Instant Messenger to overwrite a shortcut file, leading to arbitrary code execution via an HTA file hosted on a remote server. The script uses ActiveX to modify the shortcut and execute it.