• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AOL You've Got Pictures ActiveX Control Buffer Overflow Vulnerability

AOL You've Got Pictures ActiveX control is prone to a buffer overflow vulnerability.

It is possible to invoke the object from a malicious Web page to trigger the condition. If the vulnerability were successfully exploited, this would result in a denial of service due to a runtime error in the affected module that causes the running instance of the client application that the object is invoked through (typically Internet Explorer) to crash. It may also be possible to exploit the condition to corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.

The affected ActiveX control was distributed in various versions of AOL Client Software, and on the You've Got Pictures Web site prior to 2004.