AOL Time Warner Affected

Notified:  October 17, 2001 Updated: January 28, 2002



Vendor Statement

Not really specific to AIM/not an AIM issue. It is not any more of a risk than if someone sent a dangerous web file to someone via an email or via file transfer. AIM does not know whether an invalid image file sent in an IM Image session is dangerous or not. Also, we don't include IM logging in the client right now although it did exist in some internal Alphas that leaked to the public.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.