AOL AIM and ICQ Clients Directory Traversal Vulnerability
BID:23391
Info
AOL AIM and ICQ Clients Directory Traversal Vulnerability
| Bugtraq ID: | 23391 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2007 12:00AM |
| Updated: | Apr 10 2007 04:31PM |
| Credit: | An anonymous researcher is credited with the discovery of the ICQ issue reported by iDefense Labs. The vendor reported the AOL AIM issue. |
| Vulnerable: |
ICQ Inc. ICQ 5.1 ICQ Inc. ICQ 5.04 build 2321 ICQ Inc. ICQ 5.03 ICQ Inc. ICQ 5.02 ICQ Inc. ICQ 4.14 ICQ Inc. ICQ 4.13 AOL Instant Messenger 5.9.3861 .0 AOL Instant Messenger 5.9.3797 AOL Instant Messenger 5.5.3595 AOL Instant Messenger 5.5.3415 Beta AOL Instant Messenger 5.5 AOL Instant Messenger 5.2.3292 AOL Instant Messenger 5.1.3036 AOL Instant Messenger 5.0.2938 AOL Instant Messenger 4.8.2790 AOL Instant Messenger 4.8.2616 AOL Instant Messenger 4.8 .2646 AOL Instant Messenger 4.7.2480 AOL Instant Messenger 4.7 AOL Instant Messenger 4.6 AOL Instant Messenger 4.5 AOL Instant Messenger 4.4 AOL Instant Messenger 4.3.2229 AOL Instant Messenger 4.3 AOL Instant Messenger 4.2.1193 AOL Instant Messenger 4.2 AOL Instant Messenger 4.1.2010 AOL Instant Messenger 4.1 AOL Instant Messenger 4.0 AOL Instant Messenger 3.5.1856 AOL Instant Messenger 3.5 .1808 AOL Instant Messenger 3.5 .1670 AOL Instant Messenger 3.5 .1635 AOL Instant Messenger 3.0.1415 AOL Instant Messenger 3.0 N AOL Instant Messenger 3.0 .1470 AOL Instant Messenger 2.5 .1598 AOL Instant Messenger 2.5 .1366 AOL Instant Messenger 2.1.1236 AOL Instant Messenger 2.0.996 AOL Instant Messenger 2.0.912 AOL Instant Messenger 2.0 N AOL Instant Messenger 1.2 AOL Instant Messenger 5.9.3702 |
| Not Vulnerable: | |
Discussion
AOL AIM and ICQ Clients Directory Traversal Vulnerability
AOL AIM and ICQ Clients are prone to a directory-traversal vulnerability because the software fails to properly sanitize user-supplied input during a file transfer.
An attacker may exploit this issue by enticing victims into receiving a malicious file via the application.
Successful exploits will allow attackers to save files on arbitrary locations on a victim's computer.
AOL AIM and ICQ Clients are prone to a directory-traversal vulnerability because the software fails to properly sanitize user-supplied input during a file transfer.
An attacker may exploit this issue by enticing victims into receiving a malicious file via the application.
Successful exploits will allow attackers to save files on arbitrary locations on a victim's computer.
Exploit / POC
AOL AIM and ICQ Clients Directory Traversal Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
AOL AIM and ICQ Clients Directory Traversal Vulnerability
Solution:
Vendors have released fixes. AOL AIM version 6.1 is available to address this issue. ICQ can be updated via automatic updates. Please see the references for more information.
Solution:
Vendors have released fixes. AOL AIM version 6.1 is available to address this issue. ICQ can be updated via automatic updates. Please see the references for more information.
References
AOL AIM and ICQ Clients Directory Traversal Vulnerability
References:
References:
- AOL Homepage (AOL)
- AOL Instant Messenger Home Page (AOL)
- ICQ Homepage (ICQ Inc.)
- iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversa (iDefense Labs)