AOL Instant Messenger Active File Transfer Hijacking

medium Nessus Network Monitor Plugin ID 1250

Synopsis

The remote client passes network data in an insecure manner

Description

The remote host is running AOL Instant Messenger (AIM). In certain versions of AIM it is possible for a remote attacker to intercept data sent by the AIM client.

Solution

Upgrade to the latest version of AOL Instant Messenger.

Plugin Details

Severity: Medium

ID: 1250

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:aol:aim

Reference Information

CVE: CVE-2002-0592

BID: 4574