5 matches found
CVE-2006-0526
CVE-2006-0526 affects the AOL client: the default configuration lets any user modify a registry value that specifies a DLL file name, enabling local privilege escalation via a Trojan horse. The available documents confirm the affected product and the root cause, but do not provide exploit details...
CVE-2006-0316
CVE-2006-0316 describes a buffer overflow in the YGPPicFinder.DLL ActiveX control used by AOL’s You’ve Got Pictures (YGP) Picture Finder Tool (bundled with AOL 8.0/8.0 Plus/9.0 Classic). The vulnerability allows a remote target to potentially execute arbitrary code via unspecified vectors, as rep...
CVE-2007-1767
CVE-2007-1767 concerns AOL 9.0 (Deskbar.dll and Toolbar.dll) with an unspecified vulnerability that allows remote attackers to trigger a denial of service (browser crash) via unknown vectors. Affected software is AOL 9.0 prior to February 2007; the specific root cause, affected components, and po...
CVE-2005-2597
CVE-2005-2597 concerns AOL Client Software 9.0, where insecure permissions on the installation path allow a local user to replace ACSD.exe with a malicious program, enabling arbitrary code execution with SYSTEM privileges. The vulnerability is local in scope and hinges on insufficient protection ...
CVE-2006-6442
The connected advisories confirm CVE-2006-6442 affects the Gracenote CDDBControl ActiveX control (cddbcontrol.dll) used in AOL software. A stack-based buffer overflow in SetClientInfo allows remote attackers to execute arbitrary code by providing a long ClientId/option string. Impact is remote co...