• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AOL You've Got Pictures ActiveX Controls Buffer Overflow Vulnerabilities

AOL You've Got Pictures (YGP) ActiveX controls are prone to multiple buffer-overflow vulnerabilities.

A user can invoke the object from a malicious web page to trigger the condition. If the vulnerabilities are successfully exploited, this would result in a denial-of-service condition due to a runtime error in the affected module that crashes the running instance of the client application that the object is invoked through (typically Internet Explorer). An attacker may also be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.

YGP ScreenSaver and YGP Pic Downloader ActiveX controls are vulnerable to these issues.