Vulnerabilities (CVE)

Filtered by vendor Aol Subscribe
Total 59 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1503 1 Aol 1 Instant Messenger 2024-02-14 10.0 HIGH N/A
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
CVE-2000-1094 1 Aol 1 Aim 2024-02-09 7.5 HIGH N/A
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
CVE-2005-1891 2 Aol, Microsoft 2 Aim, Windows 2024-02-08 5.0 MEDIUM 7.5 HIGH
The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.
CVE-2009-3658 1 Aol 1 Superbuddy Activex Control 2024-02-03 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
CVE-2014-5570 1 Aol 1 Dailyfinance - Stocks \& News 2023-12-10 5.4 MEDIUM N/A
The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2012-5816 1 Aol 1 Aim 2023-12-10 5.8 MEDIUM N/A
AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2009-4494 1 Aol 1 Aolserver 2023-12-10 5.0 MEDIUM N/A
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2010-1374 2 Aol, Apple 3 Aim, Mac Os X, Mac Os X Server 2023-12-10 4.3 MEDIUM N/A
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
CVE-2009-2404 4 Aol, Gnome, Mozilla and 1 more 7 Instant Messenger, Evolution, Firefox and 4 more 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
CVE-2006-3888 1 Aol 1 Ygp Pic Downloader Activex Control 2023-12-10 7.5 HIGH N/A
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
CVE-2007-1767 1 Aol 1 Aol Client Software 2023-12-10 7.8 HIGH N/A
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.
CVE-2007-1904 1 Aol 2 Icq, Instant Messenger 2023-12-10 4.3 MEDIUM N/A
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
CVE-2007-3350 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2023-12-10 7.8 HIGH N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests.
CVE-2007-3437 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2023-12-10 7.8 HIGH N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
CVE-2007-6250 2 Aol, Microsoft 2 Aolmediaplaybackcontrol, Ampx 2023-12-10 9.3 HIGH N/A
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
CVE-2006-5650 1 Aol 1 Icq 2023-12-10 7.5 HIGH N/A
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
CVE-2006-5502 1 Aol 1 Aol 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.
CVE-2007-5755 1 Aol 1 Radio 2023-12-10 9.3 HIGH N/A
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
CVE-2006-3887 1 Aol 1 Ygp Screensaver Activex Control 2023-12-10 7.5 HIGH N/A
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-5124 1 Aol 1 Instant Messenger 2023-12-10 6.8 MEDIUM N/A
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.