Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2000-1093

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Dec, 2000 | 05:00
Updated At-08 Aug, 2024 | 05:45
Rejected At-
Credits

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Dec, 2000 | 05:00
Updated At:08 Aug, 2024 | 05:45
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
vdb-entry
x_refsource_XF
http://www.atstake.com/research/advisories/2000/a121200-1.txt
vendor-advisory
x_refsource_ATSTAKE
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.atstake.com/research/advisories/2000/a121200-1.txt
Resource:
vendor-advisory
x_refsource_ATSTAKE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
vdb-entry
x_refsource_XF
x_transferred
http://www.atstake.com/research/advisories/2000/a121200-1.txt
vendor-advisory
x_refsource_ATSTAKE
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.atstake.com/research/advisories/2000/a121200-1.txt
Resource:
vendor-advisory
x_refsource_ATSTAKE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Jan, 2001 | 05:00
Updated At:03 Apr, 2025 | 01:03

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
AOL (Yahoo Inc.)
aol
>>instant_messenger>>2.0_n
cpe:2.3:a:aol:instant_messenger:2.0_n:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>2.5.1366
cpe:2.3:a:aol:instant_messenger:2.5.1366:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>2.5.1598
cpe:2.3:a:aol:instant_messenger:2.5.1598:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>3.0.1470
cpe:2.3:a:aol:instant_messenger:3.0.1470:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>3.0_n
cpe:2.3:a:aol:instant_messenger:3.0_n:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>3.5.1635
cpe:2.3:a:aol:instant_messenger:3.5.1635:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>3.5.1670
cpe:2.3:a:aol:instant_messenger:3.5.1670:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>3.5.1808
cpe:2.3:a:aol:instant_messenger:3.5.1808:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>3.5.1856
cpe:2.3:a:aol:instant_messenger:3.5.1856:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>4.0
cpe:2.3:a:aol:instant_messenger:4.0:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>4.1.2010
cpe:2.3:a:aol:instant_messenger:4.1.2010:*:*:*:*:*:*:*
AOL (Yahoo Inc.)
aol
>>instant_messenger>>4.2.1193
cpe:2.3:a:aol:instant_messenger:4.2.1193:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.atstake.com/research/advisories/2000/a121200-1.txtcve@mitre.org
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5732cve@mitre.org
N/A
http://www.atstake.com/research/advisories/2000/a121200-1.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5732af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.atstake.com/research/advisories/2000/a121200-1.txt
Source: cve@mitre.org
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.atstake.com/research/advisories/2000/a121200-1.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/5732
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

14Records found
CVE-2002-0362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.75% / 89.02%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-instant_messengern/a
CVE-2001-0314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.30%
||
7 Day CHG~0.00%
Published-04 Apr, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aol_servern/a
CVE-2006-5650
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-82.61% / 99.18%
||
7 Day CHG~0.00%
Published-07 Nov, 2006 | 19:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-icqn/a
CVE-2006-5501
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.42% / 89.77%
||
7 Day CHG~0.00%
Published-25 Oct, 2006 | 22:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aoln/a
CVE-2006-3887
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-6.83% / 90.96%
||
7 Day CHG~0.00%
Published-10 Oct, 2006 | 23:00
Updated-07 Aug, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-ygp_screensaver_activex_controln/a
CVE-2006-3888
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-17.80% / 94.87%
||
7 Day CHG~0.00%
Published-10 Oct, 2006 | 23:00
Updated-07 Aug, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-ygp_pic_downloader_activex_controln/a
CVE-2006-5502
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.42% / 89.77%
||
7 Day CHG~0.00%
Published-25 Oct, 2006 | 22:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aoln/a
CVE-2002-1591
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-13 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-instant_messengern/a
CVE-2002-0587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.90% / 82.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aol_servern/a
CVE-2002-0592
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.52%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-instant_messengern/a
CVE-2002-0586
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.98% / 82.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aol_servern/a
CVE-2002-0100
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.01%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aol_servern/a
CVE-2000-1094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.94% / 91.69%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aimn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2004-2373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.19%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-instant_messengern/a
Details not found