CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

AOL : Security Vulnerabilities Published In 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6442 Exec Code Overflow 2006-12-10 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.
2 CVE-2006-5650 Exec Code 2006-11-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
3 CVE-2006-5502 Exec Code Overflow 2006-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.
4 CVE-2006-5501 Exec Code Overflow 2006-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.
5 CVE-2006-3888 Exec Code Overflow 2006-10-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
6 CVE-2006-3887 Exec Code Overflow 2006-10-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
7 CVE-2006-0948 +Priv 2006-08-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.
8 CVE-2006-0629 DoS Exec Code Overflow 2006-02-10 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow.
9 CVE-2006-0526 +Priv 2006-02-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.
10 CVE-2006-0316 Exec Code Overflow 2006-01-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.
Total number of vulnerabilities : 10   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.