Filtered by vendor Aol
Subscriptions
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1891 | 2 Aol, Microsoft | 2 Aim, Windows | 2026-04-16 | 7.5 High |
| The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | ||||
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. | ||||
| CVE-2000-0190 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value. | ||||
| CVE-2000-0383 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient. | ||||
| CVE-2005-1655 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. | ||||
| CVE-2006-0629 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow. | ||||
| CVE-2002-0591 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename. | ||||
| CVE-2002-2169 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL. | ||||
| CVE-2005-2597 | 1 Aol | 1 Aol Client Software | 2026-04-16 | N/A |
| AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. | ||||
| CVE-2000-1000 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. | ||||
| CVE-2000-1094 | 1 Aol | 1 Aim | 2026-04-16 | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument. | ||||
| CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | ||||
| CVE-2001-1417 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data. | ||||
| CVE-2003-1503 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. | ||||
| CVE-2002-0785 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. | ||||
| CVE-1999-0486 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash. | ||||
| CVE-2011-10027 | 1 Aol | 1 Aol | 2026-04-15 | N/A |
| AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms. | ||||
| CVE-2010-10015 | 1 Aol | 2 Aim, Aol | 2026-04-15 | N/A |
| AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained. | ||||
| CVE-2024-2363 | 1 Aol | 1 Aim Triton | 2026-04-15 | 5.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2014-5570 | 1 Aol | 1 Dailyfinance - Stocks \& News | 2025-04-12 | N/A |
| The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||