Release DateFeb 04, 2010 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a code-execution vulnerability in AOL.The vulnerability is located in the "Phobos.dll" ActiveX control through misuse of the "Import" method. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial-of-service condition. |
Affected ProductsAOL 9.5 |
Recommended ActionsSet the kill bit for the following CLSID:{A105BD70-BF56-4D10-BC91-41C88321F47C} |
Coverage IPS
VCM |
Reference/shttp://www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/http://www.exploit-db.com/exploits/11257 http://www.exploit-db.com/exploits/11204 http://osvdb.org/show/osvdb/61964 |
