CVE-2007-1904 : Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allo

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

Published 2007-04-10 23:19:00

Updated 2017-07-29 01:31:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2007-1904

Probability of exploitation activity in the next 30 days: 2.35%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-1904

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2007-1904

Products affected by CVE-2007-1904

AOL » Instant Messenger
Versions up to, including, (<=) 5.9.3861
cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*
Matching versions
AOL » ICQ
Versions up to, including, (<=) 5.1
cpe:2.3:a:aol:icq:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-1904

Exploit prediction scoring system (EPSS) score for CVE-2007-1904

CVSS scores for CVE-2007-1904

References for CVE-2007-1904

Products affected by CVE-2007-1904