Credit:
The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420
Vulnerable Systems:
* AOL Security Edition 9.0 with downloader plug-in version 9.2.3.0.
When AOL 9.0 is installed, it registers the following ActiveX control on the system:
ProgId: AOL.PicDownloadCtrl.1
ClassId: D670D0B3-05AB-4115-9F87-D983EF1AC747
File: YGPPicDownload.dll
This control is marked safe for scripting in Internet Explorer and contains a buffer overflow in its SetAlbumName() method.
Exploitation of this vulnerability is trivial and allows arbitrary code execution as the currently logged-in user. A user would need to be convinced to visit a malicious web site in order to be exploited.
Workaround:
Disabling Active Scripting or unregistering the vulnerable control can prevent exploitation. Additionally, setting the kill bit for the vulnerable control prevents Internet Explorer from instantiating it.
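The following PowerShell script is an added example, not part of the iDefense advisory or of any AOL software, showing how an administrator can check whether the control named above is registered and apply the kill-bit workaround. The CLSID is the one listed in the advisory; the registry locations are the standard Internet Explorer "ActiveX Compatibility" key and the control's InprocServer32 entry, and the value 0x400 is the documented kill-bit flag. The function names and the `$KillBit` variable are the example's own.

```powershell
# Added example (not from the advisory): inspect and kill-bit the AOL.PicDownloadCtrl.1 control.
$Clsid   = '{D670D0B3-05AB-4115-9F87-D983EF1AC747}'   # CLSID from the advisory
$KillBit = 0x400                                       # Compatibility Flags bit: never instantiate in IE

$compatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
$serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"

function Get-ControlStatus {
    # Is the control registered, which DLL backs it, and is the kill bit already set?
    $dll = $null
    if (Test-Path $serverKey) {
        $dll = (Get-ItemProperty -Path $serverKey).'(default)'
    }
    $flags = 0
    if (Test-Path $compatKey) {
        $p = Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue
        if ($null -ne $p.'Compatibility Flags') { $flags = [int]$p.'Compatibility Flags' }
    }
    [pscustomobject]@{
        Clsid      = $Clsid
        Registered = [bool]$dll
        Dll        = $dll          # expected to point at YGPPicDownload.dll per the advisory
        KillBitSet = (($flags -band $KillBit) -ne 0)
    }
}

function Set-KillBit {
    # Writes under HKLM, so this needs an elevated (Administrator) shell.
    # OR the bit in rather than overwrite, to preserve any other compatibility flags.
    if (-not (Test-Path $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
    $existing = 0
    $p = Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue
    if ($null -ne $p.'Compatibility Flags') { $existing = [int]$p.'Compatibility Flags' }
    New-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($existing -bor $KillBit) -Force | Out-Null
}

$before = Get-ControlStatus
$before | Format-List
if ($before.Registered -and -not $before.KillBitSet) {
    Set-KillBit
    Get-ControlStatus | Format-List   # KillBitSet should now read True
}
```

The kill bit only affects Internet Explorer; it does not remove the DLL, and the alternative workaround from the advisory (unregistering the control with `regsvr32 /u YGPPicDownload.dll`) removes the CLSID registration entirely. On 64-bit Windows a 32-bit control is read by 32-bit IE from the `Wow6432Node` view of the same key, so set the flag under `HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}` as well when that applies.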
Vendor Status:
"All AOL software versions are affected by this issue.
Solutions:
1. Users of AOL 9.0 or AOL 9.0 Security Edition are recommended to log in to the AOL service and a fix will be seamlessly applied to their system.
2. Users using versions of AOL that are older than 9.0 are strongly recommended to upgrade to the latest version of AOL 9.0 Security Edition."
CVE Information:
CVE-2006-4840
Disclosure Timeline:
* 09/11/2006 - Initial vendor notification
* 09/11/2006 - Initial vendor response
* 10/11/2006 - Coordinated public disclosure