CVE-2007-1904 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aol	Icq Instant Messenger

Configuration 1 [-]

OR	cpe:2.3:a:aol:icq::::::::
	cpe:2.3:a:aol:instant_messenger::::::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508
http://secunia.com/advisories/24747
http://secunia.com/advisories/24803
http://www.securityfocus.com/bid/23391
http://www.securitytracker.com/id?1017890
http://www.securitytracker.com/id?1017891
http://www.vupen.com/english/advisories/2007/1306
http://www.vupen.com/english/advisories/2007/1307
https://exchange.xforce.ibmcloud.com/vulnerabilities/33538

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00766}`	epss `{'score': 0.0087}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-10T23:00:00

Updated: 2024-08-07T13:13:41.832Z

Reserved: 2007-04-10T00:00:00

Link: CVE-2007-1904

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-10T23:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1904

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017890", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017890"}, {"name": "aim-icq-filetransfer-directory-traversal(33538)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"}, {"name": "ADV-2007-1307", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1307"}, {"name": "1017891", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017891"}, {"name": "20070409 AOL AIM and ICQ File Transfer Path-Traversal Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"}, {"name": "24803", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24803"}, {"name": "23391", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23391"}, {"name": "24747", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24747"}, {"name": "ADV-2007-1306", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1306"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1904", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017890", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017890"}, {"name": "aim-icq-filetransfer-directory-traversal(33538)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"}, {"name": "ADV-2007-1307", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1307"}, {"name": "1017891", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017891"}, {"name": "20070409 AOL AIM and ICQ File Transfer Path-Traversal Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"}, {"name": "24803", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24803"}, {"name": "23391", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23391"}, {"name": "24747", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24747"}, {"name": "ADV-2007-1306", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1306"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:13:41.832Z"}, "title": "CVE Program Container", "references": [{"name": "1017890", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017890"}, {"name": "aim-icq-filetransfer-directory-traversal(33538)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"}, {"name": "ADV-2007-1307", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1307"}, {"name": "1017891", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017891"}, {"name": "20070409 AOL AIM and ICQ File Transfer Path-Traversal Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"}, {"name": "24803", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24803"}, {"name": "23391", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23391"}, {"name": "24747", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24747"}, {"name": "ADV-2007-1306", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1306"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1904", "datePublished": "2007-04-10T23:00:00", "dateReserved": "2007-04-10T00:00:00", "dateUpdated": "2024-08-07T13:13:41.832Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aol:icq:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D80B796-50E3-43AF-BFF9-2B221C7F5E1D", "versionEndIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:aol:instant_messenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA96E883-58ED-4D44-AE80-FC544F57634D", "versionEndIncluding": "5.9.3861", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en AOL Instant Messenger (AIM) 5.9 y anteriores, e ICQ 5.1 y probablemente anteriores permite a atacantes remotos con la complicidad del usuario mediante secuencias .. (punto punto) en un nombre de fichero en una operaci\u00f3n de transferencia de fichero."}], "id": "CVE-2007-1904", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-04-10T23:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24747"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24803"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23391"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017890"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017891"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1306"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1307"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33538"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}