RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
BID:21488
Info
RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 21488 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6442 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 08 2006 12:00AM |
| Updated: | Dec 12 2006 09:18PM |
| Credit: | Carsten Eiram of Secunia Research discovered this issue. |
| Vulnerable: |
AOL Client Software 9.0 Security AOL Client Software 8.0 AOL Client Software 7.0 |
| Not Vulnerable: | |
Discussion
RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
AOL CDDBControl ActiveX control is prone to a stack-based buffer-overflow vulnerability.
An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerability is successfully exploited, the attacker may be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution with the privileges of the currently logged-in user. A denial-of-service condition may arise as well.
This issue affects AOL 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910. Other versions may also be affected.
UPDATE: This BID is retired because it is a duplicate of the one described in BID 18678 (GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability).
AOL CDDBControl ActiveX control is prone to a stack-based buffer-overflow vulnerability.
An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerability is successfully exploited, the attacker may be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution with the privileges of the currently logged-in user. A denial-of-service condition may arise as well.
This issue affects AOL 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910. Other versions may also be affected.
UPDATE: This BID is retired because it is a duplicate of the one described in BID 18678 (GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability).
Exploit / POC
RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
Solution:
Fixes are available from the vendor through the AOL Client software's automatic update feature.
Solution:
Fixes are available from the vendor through the AOL Client software's automatic update feature.
References
RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability
References:
References: