CVE-2004-2373 - OpenCVE

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aol	Instant Messenger

Configuration 1 [-]

OR	cpe:2.3:a:aol:instant_messenger:4.3:::::::*
	cpe:2.3:a:aol:instant_messenger:4.3.2229:::::::*
	cpe:2.3:a:aol:instant_messenger:4.4:::::::*
	cpe:2.3:a:aol:instant_messenger:4.5:::::::*
	cpe:2.3:a:aol:instant_messenger:4.6:::::::*
	cpe:2.3:a:aol:instant_messenger:4.7:::::::*
	cpe:2.3:a:aol:instant_messenger:4.7.2480:::::::*
	cpe:2.3:a:aol:instant_messenger:4.8.2616:::::::*
	cpe:2.3:a:aol:instant_messenger:4.8.2646:::::::*
	cpe:2.3:a:aol:instant_messenger:4.8.2790:::::::*
	cpe:2.3:a:aol:instant_messenger:5.0.2938:::::::*
	cpe:2.3:a:aol:instant_messenger:5.1.3036:::::::*
	cpe:2.3:a:aol:instant_messenger:5.2.3292:::::::*
	cpe:2.3:a:aol:instant_messenger:5.5:::::::*
	cpe:2.3:a:aol:instant_messenger:5.5.3415_beta:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/354448
http://www.securityfocus.com/bid/9698
https://exchange.xforce.ibmcloud.com/vulnerabilities/15310

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-16T04:00:00

Updated: 2024-08-08T01:22:13.676Z

Reserved: 2005-08-16T00:00:00

Link: CVE-2004-2373

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:50.450

Link: CVE-2004-2373

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040219 Aol Instant Messenger/Microsoft Internet Explorer remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/354448"}, {"name": "9698", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9698"}, {"name": "aim-buddy-predictable-location(15310)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15310"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2373", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040219 Aol Instant Messenger/Microsoft Internet Explorer remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/354448"}, {"name": "9698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9698"}, {"name": "aim-buddy-predictable-location(15310)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15310"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:22:13.676Z"}, "title": "CVE Program Container", "references": [{"name": "20040219 Aol Instant Messenger/Microsoft Internet Explorer remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/354448"}, {"name": "9698", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9698"}, {"name": "aim-buddy-predictable-location(15310)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15310"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2373", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aol:instant_messenger:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "E81E472E-45B5-465B-B2D7-40F906AC31E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.3.2229:*:*:*:*:*:*:*", "matchCriteriaId": "50A04B5F-F17B-4177-861B-66DFD4FBE225", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2D8157E-3447-44BF-AC22-5A65F4C707E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA52A0F-2A09-4FA8-AC10-2D1B6B41D13C", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C4FA9B9-E98C-435C-9F7A-D62E348D92D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E0ADB0D5-BD25-488D-87D3-426ABB036B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.7.2480:*:*:*:*:*:*:*", "matchCriteriaId": "11FCCE0C-E6F9-4A01-872E-38C5F23C479E", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.8.2616:*:*:*:*:*:*:*", "matchCriteriaId": "E80E2514-9F43-48FB-B55E-094F45088D7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.8.2646:*:*:*:*:*:*:*", "matchCriteriaId": "2E553111-8B78-4B66-95BC-FD0EE897DDC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:4.8.2790:*:*:*:*:*:*:*", "matchCriteriaId": "AEB04B46-B3A6-40B1-9519-EA8896033961", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:5.0.2938:*:*:*:*:*:*:*", "matchCriteriaId": "81FDEE59-4E96-4AA7-BE33-9199CF9EA9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:5.1.3036:*:*:*:*:*:*:*", "matchCriteriaId": "FD9C099B-C975-46A4-A9A2-F1160DDC0242", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:5.2.3292:*:*:*:*:*:*:*", "matchCriteriaId": "43DE333F-6793-4A80-8B61-3AF5EFD1B52F", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "6955CC4D-1130-46DB-819A-EAFB3BBDAB74", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:5.5.3415_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1FDD88ED-D59C-4EA3-8C33-E255A39DC2F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations."}], "id": "CVE-2004-2373", "lastModified": "2017-07-11T01:31:50.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/354448"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/9698"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15310"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}