OSVDB ID: 22486

Title: America OnLine (AOL) YPG Picture Finder Tool ActiveX Control (YGPPicFinder.DLL) Overflow

Info

Disclosure

Jan 16, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in America Online. America Online contains a boundary error in the YPG Picture Finder Tool ActiveX Control, YGPPicFinder.DLL, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Upgrade to version 9.0 Optimized, 9.0 Security Edition or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

America Online, Inc.	America Online Classic!	8.0
		9.0
	America Online Plus!	8.0

References

Security Tracker: 1015494
Bugtraq ID: 16262
Secunia Advisory ID: 18521
SCIP VulDB ID: 1987
CVE ID: 2006-0316 (see also: NVD)
CERT VU: 715730
VUPEN Advisory: ADV-2006-0221
News Article: http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news
Vendor URL: http://www.newaol.com/
Keyword:

Credit

Richard M. Smith - rmscomputerbytesman.com - Phar Lap Software, Inc.

Direct URL: http://osvdb.org/22486

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

America Online, Inc.

America Online Classic!

America Online Plus!

References

Credit