According to Blod Clot in a disclosure to BugTraq, AIM 4.8.2790 is wide open to a remote file execution vulnerability. Any file in the same partition can be accessed and run using the dot dot method in a URL, as long as no spaces appear in the file’s path or name. This is gotten around by truncation. This seems to work on all windows versions.

Once again, don’t click any links that you don’t know where they point too. If you are running this version either upgrade or downgrade.