Secunia Advisory: SA10930
Release Date: 2004-02-20
Critical: Not critical
Impact:
Where: From remote
Software: AOL Instant Messenger 4.x
AOL Instant Messenger 5.x
Description:
Michael Evanchik has reported a weakness in AOL Instant Messenger that can potentially be exploited, in combination with known browser vulnerabilities and functionality, to compromise users' systems.
The problem is that AOL Instant Messenger reportedly creates buddy icons in predictable locations in which arbitrary script code can be placed.
This can be used to place malicious content in a predictable file on a user's system. Combined with certain known browser vulnerabilities and functionality that allow arbitrary files on a user's system to be read, this may allow execution of script code in the context of the "My Computer" security zone.
The weakness has been reported in versions 4.3 through 5.5. Other versions may also be affected.
Solution:
Disable use of buddy icons ("My Aim" > "Edit Options" > "Edit Preferences" > "Buddy Icons").
http://secunia.com/advisories/10930/
