Unrated severityNVD Advisory· Published Jun 18, 2002· Updated Apr 16, 2026
CVE-2002-0591
CVE-2002-0591
Description
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
Affected products
9cpe:2.3:a:aol:instant_messenger:4.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:aol:instant_messenger:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:aol:instant_messenger:4.8_beta:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.iss.net/security_center/static/8870.phpnvdPatchVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2002-04/0203.htmlnvdExploitPatchVendor Advisory
- www.securityfocus.com/bid/4526nvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.