AOL YGPPDownload AddPictureNoAlbum ActiveX Controls Buffer Overflow Vulnerability

AOL YGPPDownload AddPictureNoAlbum ActiveX Controls Buffer Overflow Vulnerability

AOL YGPPDownload ActiveX control is prone to a heap-based buffer-overflow vulnerability.

A user can invoke the object from a malicious web page to trigger the condition. If the vulnerability is successfully exploited, this would result in a denial-of-service condition due to a runtime error in the affected module that crashes the running instance of the client application that the object is invoked through (typically Internet Explorer). An attacker may also be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution in the context of the client application.

The AOL YGPPDownload ActiveX control is vulnerable to this issue.