AOL Instant Messenger Local File Execution Vulnerability

Vulnerability ID: 1107074
Vulnerability type: Path traversal
Published: 2002-10-22
Updated: 2005-10-20
CVE ID: CVE-2002-1813
CNNVD-ID: CNNVD-200212-152
Platform: Windows
CVSS score: 2.6
|Vulnerability source
https://www.exploit-db.com/exploits/21958
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-152
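|Vulnerability details
AOL Instant Messenger (AIM) version 4.8.2790 contains a directory traversal vulnerability. A remote attacker can execute arbitrary programs by modifying the program referenced in a link's href attribute.
|Exploit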
source: http://www.securityfocus.com/bid/6027/info

AOL Instant Messenger (AIM) is prone to an issue which may allow attackers to execute arbitrary files on the client system. It is possible to send a malicious link which references local files to a user of the client. When the link is visited, the referenced file on the client's local filesystem will be executed.

To exploit this issue, the attacker must know the exact location of the file to be executed. Additionally, there can be no spaces in the path or filename. This limits exploitability, since files must be on the same partition and command line arguments cannot be supplied.

Versions other than AOL Instant Messenger 4.8.2790 do not seem to be affected by this vulnerability. The vulnerability was reported for Microsoft Windows versions of the client. 

<a href ="../../../../progra~1/trojan/trojan.exe">www.example.com</a>
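
The checks a messaging client could apply before opening a link from an incoming message, as an added example that is not part of the original advisory or of AOL's code. The names `LinkCollector`, `check_href` and `audit_message`, and the http/https allow-list, are assumptions made for illustration; the sample message is constructed from the link shown above.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links may be opened

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_href(href, text=""):
    """Return the reasons a link must not be opened; an empty list means allowed."""
    raw, reasons = href.strip(), []
    try:
        parts = urlsplit(raw)
    except ValueError:
        return ["unparseable URL"]
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        reasons.append("not an absolute http(s) URL")
    # Decode percent-escapes and normalise backslashes before inspecting segments.
    segments = unquote(raw).replace("\\", "/").split("/")
    if ".." in segments:
        reasons.append("parent-directory traversal")
    if any("~" in s and s.rsplit("~", 1)[1][:1].isdigit() for s in segments):
        reasons.append("8.3 short-name path component")
    looks_like_host = "." in text and " " not in text
    if looks_like_host and (not host or host not in text.lower().split("/")):
        reasons.append("visible text names a host the link does not point to")
    return reasons

def audit_message(html):
    """Map each href in an incoming message to its list of findings."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return {href: check_href(href, text) for href, text in collector.links}

# Constructed sample: the advisory's link followed by an ordinary web link.
SAMPLE = ('<a href ="../../../../progra~1/trojan/trojan.exe">www.example.com</a> '
          '<a href="https://www.example.com/news">www.example.com</a>')
```

A client would hand a link to the operating system only when `check_href` returns an empty list, and log the findings otherwise.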
|References

Source: XF
Name: aim-url-execute-files(10441)
Link: http://www.iss.net/security_center/static/10441.php
Source: BID
Name: 6027
Link: http://www.securityfocus.com/bid/6027
Source: BUGTRAQ
Name: 20021021 AIM 4.8.2790 remote file execution vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2002-10/0319.html
