AOL Desktop .rtx File Buffer Overflow

2011-03-18T00:00:00
ID SAINT:5310D09C2B07B9018BD61B235D49CB19
Type saint
Reporter SAINT Corporation
Modified 2011-03-18T00:00:00

Description

Added: 03/18/2011
BID: 46129
OSVDB: 70741

Background

AOL Desktop is an internet suite that integrates a web browser, media player, and IM client.

Problem

A heap overflow vulnerability exists in the Rich Text (.rtx) file parser of AOL Desktop 9.x. When a document contains HTML links, the parser does not properly validate the length of the "HREF" attribute in "A" tags, so an overlong value can overflow a heap buffer.

Resolution

This vulnerability has not been patched by the vendor.
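
Because no vendor fix exists, files can be screened before they reach the client. The following is an added example, not part of the SAINT advisory: it measures every "HREF" value in "A" tags of an .rtx file and reports those above a limit. The threshold `MAX_HREF_LEN`, the function names and the sample documents are assumptions constructed for illustration.

```python
import re

# Assumption: triage threshold picked for this example. The advisory does not
# give the size of the affected buffer, so tune it against known-good files.
MAX_HREF_LEN = 1024

# Matches HREF inside an A tag, case-insensitively. The value may be
# double-quoted, single-quoted or bare; a missing closing quote is tolerated
# so a truncated or malformed tag is still measured up to end of input.
_HREF_RE = re.compile(
    rb"""<a\s[^>]*?\bhref\s*=\s*(?:"([^"]*)|'([^']*)|([^\s>"']*))""",
    re.IGNORECASE,
)


def href_lengths(data: bytes):
    """Yield (byte_offset, length) for every A-tag HREF value in data."""
    for m in _HREF_RE.finditer(data):
        group = next(g for g in (1, 2, 3) if m.group(g) is not None)
        yield m.start(group), len(m.group(group))


def audit_rtx(data: bytes, limit: int = MAX_HREF_LEN):
    """Return (offset, length) for HREF values whose raw length exceeds limit."""
    return [(off, n) for off, n in href_lengths(data) if n > limit]


# Constructed sample documents (not taken from any real file).
BENIGN = (b'<HTML><BODY>See <A HREF="http://example.com/news">news</A> '
          b"and <a href='/help'>help</a></BODY></HTML>")
OVERLONG = (b'<HTML><BODY><A HREF="http://example.com/' + b"x" * 4000 +
            b'">link</A></BODY></HTML>')
TRUNCATED = b'<HTML><A HREF="' + b"x" * 4000  # closing quote and tag missing

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("overlong", OVERLONG),
                      ("truncated", TRUNCATED)):
        hits = audit_rtx(doc)
        print(name, "FLAGGED" if hits else "ok", hits)
```

A flagged file is a candidate for quarantine and manual review, not proof of an exploit attempt; legitimate links can also be long.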

References

<http://secunia.com/advisories/43136/>

Limitations

This exploit works against AOL Desktop 9.6 running on Microsoft Windows XP SP3 English (DEP OptIn).

Platforms

Windows XP
Windows Vista / Windows 7