America OnLine (AOL) YPG Picture Finder Tool ActiveX Control (YGPPicFinder.DLL) Overflow

2006-01-16T12:07:00
ID OSVDB:22486
Type osvdb
Reporter Richard M. Smith()
Modified 2006-01-16T12:07:00

Description

Vulnerability Description

A remote overflow exists in America Online. America Online contains a boundary error in the YPG Picture Finder Tool ActiveX Control, YGPPicFinder.DLL, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 9.0 Optimized, 9.0 Security Edition or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in America Online. America Online contains a boundary error in the YPG Picture Finder Tool ActiveX Control, YGPPicFinder.DLL, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://www.newaol.com/ Security Tracker: 1015494 Secunia Advisory ID:18521 News Article: http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news Keyword: You've Got Pictures FrSIRT Advisory: ADV-2006-0221 CVE-2006-0316 CERT VU: 715730 Bugtraq ID: 16262