• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: AOL CDDBControl ActiveX Control Buffer Overflow Vulnerability

AOL CDDBControl ActiveX control is prone to a stack-based buffer-overflow vulnerability.

An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerability is successfully exploited, the attacker may be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution with the privileges of the currently logged-in user. A denial-of-service condition may arise as well.

This issue affects AOL 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910. Other versions may also be affected.

UPDATE: This BID is retired because it is a duplicate of the one described in BID 18678 (GraceNote CDDBControl ActiveX Control Remote Buffer Overflow Vulnerability).