VYPR
Unrated severityNVD Advisory· Published Apr 10, 2007· Updated Jun 16, 2026

CVE-2007-1904

CVE-2007-1904

Description

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

Affected products

4
  • cpe:2.3:a:aol:icq:*:*:*:*:*:*:*:*
    Range: <=5.1
  • cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*range: <=5.9.3861
    • (no CPE)range: <=5.9
  • Icq/Icqllm-fuzzy
    Range: <=5.1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.