Search
Find a vulnerability
Search criteria
10 vulnerabilities found for AOL by AOL
CVE-2010-10015 (GCVE-0-2010-10015)
Vulnerability from nvd – Published: 2025-08-21 20:08 – Updated: 2026-05-15 11:13
VLAI
Title
AOL <= 9.5 Phobos.Playlist 'Import()' Stack-Based Buffer Overflow
Summary
AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://web.archive.org/web/20100804162117/http:/… | technical-descriptionexploit |
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/11204 | exploit |
| https://www.broadcom.com/support/security-center/… | third-party-advisory |
| https://www.fortiguard.com/encyclopedia/ips/32026… | third-party-advisory |
| https://appdb.winehq.org/objectManager.php?sClass… | product |
| http://www.exploit-db.com/exploits/11190 | exploit |
| https://www.vulncheck.com/advisories/aol-phobos-p… | third-party-advisory |
| https://www.exploit-db.com/exploits/11190 | exploit |
Impacted products
Date Public
2010-01-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2010-10015",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T15:35:00.446427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:35:06.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/11190"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/11204"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Phobos.Playlist ActiveX control"
],
"product": "AOL",
"vendor": "AOL",
"versions": [
{
"lessThanOrEqual": "9.5 (Revision 4337.155)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aol:aim:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.5 (Revision 4337.155)",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hellcode Research"
}
],
"datePublic": "2010-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization.\u0026nbsp;AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software\u2014specifically the version containing the vulnerable Phobos.dll ActiveX control\u2014is long discontinued and no longer maintained."
}
],
"value": "AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization.\u00a0AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software\u2014specifically the version containing the vulnerable Phobos.dll ActiveX control\u2014is long discontinued and no longer maintained."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:22.110Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20100804162117/http://www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/11204"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26569"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.fortiguard.com/encyclopedia/ips/32026/aol-phobos-dll-activex-control-import-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://appdb.winehq.org/objectManager.php?sClass=version\u0026iId=20354"
},
{
"tags": [
"exploit"
],
"url": "http://www.exploit-db.com/exploits/11190"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/aol-phobos-playlist-import-stack-based-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AOL \u003c= 9.5 Phobos.Playlist \u0027Import()\u0027 Stack-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2010-10015",
"datePublished": "2025-08-21T20:08:37.933Z",
"dateReserved": "2025-08-21T16:26:04.002Z",
"dateUpdated": "2026-05-15T11:13:22.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2006-5820 (GCVE-0-2006-5820)
Vulnerability from nvd – Published: 2007-04-02 22:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23224 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/478225 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/24714 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1184 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/2513 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/34318 | vdb-entryx_refsource_OSVDB |
| http://www.tippingpoint.com/security/advisories/T… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/464313/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23224",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23224"
},
{
"name": "VU#478225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/478225"
},
{
"name": "24714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24714"
},
{
"name": "ADV-2007-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1184"
},
{
"name": "2513",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2513"
},
{
"name": "aol-superbuddy-activex-code-execution(33347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33347"
},
{
"name": "34318",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html"
},
{
"name": "20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464313/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23224",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23224"
},
{
"name": "VU#478225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/478225"
},
{
"name": "24714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24714"
},
{
"name": "ADV-2007-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1184"
},
{
"name": "2513",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2513"
},
{
"name": "aol-superbuddy-activex-code-execution(33347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33347"
},
{
"name": "34318",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html"
},
{
"name": "20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464313/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23224"
},
{
"name": "VU#478225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/478225"
},
{
"name": "24714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24714"
},
{
"name": "ADV-2007-1184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1184"
},
{
"name": "2513",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2513"
},
{
"name": "aol-superbuddy-activex-code-execution(33347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33347"
},
{
"name": "34318",
"refsource": "OSVDB",
"url": "http://osvdb.org/34318"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html"
},
{
"name": "20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464313/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5820",
"datePublished": "2007-04-02T22:00:00.000Z",
"dateReserved": "2006-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5502 (GCVE-0-2006-5502)
Vulnerability from nvd – Published: 2006-10-25 22:00 – Updated: 2024-08-07 19:55
VLAI
Summary
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20747 | vdb-entryx_refsource_BID |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.vupen.com/english/advisories/2006/4197 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1017121 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/22567 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20747"
},
{
"name": "20061025 AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22567"
},
{
"name": "aol-ygp-addpicturenoalbum-bo(29795)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20747"
},
{
"name": "20061025 AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22567"
},
{
"name": "aol-ygp-addpicturenoalbum-bo(29795)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20747"
},
{
"name": "20061025 AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429"
},
{
"name": "ADV-2006-4197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22567"
},
{
"name": "aol-ygp-addpicturenoalbum-bo(29795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5502",
"datePublished": "2006-10-25T22:00:00.000Z",
"dateReserved": "2006-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:55:52.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5501 (GCVE-0-2006-5501)
Vulnerability from nvd – Published: 2006-10-25 22:00 – Updated: 2024-08-07 19:55
VLAI
Summary
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20745 | vdb-entryx_refsource_BID |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/4197 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1017121 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/22567 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20745"
},
{
"name": "20061025 AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430"
},
{
"name": "aol-ygp-downloadfiledirectory-bo(29797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29797"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22567"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20745"
},
{
"name": "20061025 AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430"
},
{
"name": "aol-ygp-downloadfiledirectory-bo(29797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29797"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22567"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20745"
},
{
"name": "20061025 AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430"
},
{
"name": "aol-ygp-downloadfiledirectory-bo(29797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29797"
},
{
"name": "ADV-2006-4197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22567"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5501",
"datePublished": "2006-10-25T22:00:00.000Z",
"dateReserved": "2006-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:55:52.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0948 (GCVE-0-2006-0948)
Vulnerability from nvd – Published: 2006-08-21 18:00 – Updated: 2024-08-07 16:56
VLAI
Summary
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/secunia_research/2006-08 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3317 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18734 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/443622/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1416 | third-party-advisoryx_refsource_SREASON |
| http://www.osvdb.org/27995 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/19583 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1016717 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:14.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-08"
},
{
"name": "ADV-2006-3317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3317"
},
{
"name": "aol-default-insecure-permissions(28445)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445"
},
{
"name": "18734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18734"
},
{
"name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded"
},
{
"name": "1416",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1416"
},
{
"name": "27995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27995"
},
{
"name": "19583",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19583"
},
{
"name": "1016717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the \"America Online 9.0\" directory, which allows local users to gain privileges by replacing critical files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-08"
},
{
"name": "ADV-2006-3317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3317"
},
{
"name": "aol-default-insecure-permissions(28445)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445"
},
{
"name": "18734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18734"
},
{
"name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded"
},
{
"name": "1416",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1416"
},
{
"name": "27995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27995"
},
{
"name": "19583",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19583"
},
{
"name": "1016717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the \"America Online 9.0\" directory, which allows local users to gain privileges by replacing critical files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-08",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-08"
},
{
"name": "ADV-2006-3317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3317"
},
{
"name": "aol-default-insecure-permissions(28445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445"
},
{
"name": "18734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18734"
},
{
"name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded"
},
{
"name": "1416",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1416"
},
{
"name": "27995",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27995"
},
{
"name": "19583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19583"
},
{
"name": "1016717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0948",
"datePublished": "2006-08-21T18:00:00.000Z",
"dateReserved": "2006-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:14.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-10015 (GCVE-0-2010-10015)
Vulnerability from cvelistv5 – Published: 2025-08-21 20:08 – Updated: 2026-05-15 11:13
VLAI
Title
AOL <= 9.5 Phobos.Playlist 'Import()' Stack-Based Buffer Overflow
Summary
AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://web.archive.org/web/20100804162117/http:/… | technical-descriptionexploit |
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/11204 | exploit |
| https://www.broadcom.com/support/security-center/… | third-party-advisory |
| https://www.fortiguard.com/encyclopedia/ips/32026… | third-party-advisory |
| https://appdb.winehq.org/objectManager.php?sClass… | product |
| http://www.exploit-db.com/exploits/11190 | exploit |
| https://www.vulncheck.com/advisories/aol-phobos-p… | third-party-advisory |
| https://www.exploit-db.com/exploits/11190 | exploit |
Impacted products
Date Public
2010-01-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2010-10015",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T15:35:00.446427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:35:06.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/11190"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/11204"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Phobos.Playlist ActiveX control"
],
"product": "AOL",
"vendor": "AOL",
"versions": [
{
"lessThanOrEqual": "9.5 (Revision 4337.155)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aol:aim:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.5 (Revision 4337.155)",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hellcode Research"
}
],
"datePublic": "2010-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization.\u0026nbsp;AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software\u2014specifically the version containing the vulnerable Phobos.dll ActiveX control\u2014is long discontinued and no longer maintained."
}
],
"value": "AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization.\u00a0AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software\u2014specifically the version containing the vulnerable Phobos.dll ActiveX control\u2014is long discontinued and no longer maintained."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:22.110Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20100804162117/http://www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/11204"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26569"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.fortiguard.com/encyclopedia/ips/32026/aol-phobos-dll-activex-control-import-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://appdb.winehq.org/objectManager.php?sClass=version\u0026iId=20354"
},
{
"tags": [
"exploit"
],
"url": "http://www.exploit-db.com/exploits/11190"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/aol-phobos-playlist-import-stack-based-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AOL \u003c= 9.5 Phobos.Playlist \u0027Import()\u0027 Stack-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2010-10015",
"datePublished": "2025-08-21T20:08:37.933Z",
"dateReserved": "2025-08-21T16:26:04.002Z",
"dateUpdated": "2026-05-15T11:13:22.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2006-5820 (GCVE-0-2006-5820)
Vulnerability from cvelistv5 – Published: 2007-04-02 22:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23224 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/478225 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/24714 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1184 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/2513 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/34318 | vdb-entryx_refsource_OSVDB |
| http://www.tippingpoint.com/security/advisories/T… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/464313/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23224",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23224"
},
{
"name": "VU#478225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/478225"
},
{
"name": "24714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24714"
},
{
"name": "ADV-2007-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1184"
},
{
"name": "2513",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2513"
},
{
"name": "aol-superbuddy-activex-code-execution(33347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33347"
},
{
"name": "34318",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html"
},
{
"name": "20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464313/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23224",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23224"
},
{
"name": "VU#478225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/478225"
},
{
"name": "24714",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24714"
},
{
"name": "ADV-2007-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1184"
},
{
"name": "2513",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2513"
},
{
"name": "aol-superbuddy-activex-code-execution(33347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33347"
},
{
"name": "34318",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html"
},
{
"name": "20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464313/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23224"
},
{
"name": "VU#478225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/478225"
},
{
"name": "24714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24714"
},
{
"name": "ADV-2007-1184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1184"
},
{
"name": "2513",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2513"
},
{
"name": "aol-superbuddy-activex-code-execution(33347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33347"
},
{
"name": "34318",
"refsource": "OSVDB",
"url": "http://osvdb.org/34318"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-07-03.html"
},
{
"name": "20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464313/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5820",
"datePublished": "2007-04-02T22:00:00.000Z",
"dateReserved": "2006-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5502 (GCVE-0-2006-5502)
Vulnerability from cvelistv5 – Published: 2006-10-25 22:00 – Updated: 2024-08-07 19:55
VLAI
Summary
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20747 | vdb-entryx_refsource_BID |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.vupen.com/english/advisories/2006/4197 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1017121 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/22567 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20747"
},
{
"name": "20061025 AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22567"
},
{
"name": "aol-ygp-addpicturenoalbum-bo(29795)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20747"
},
{
"name": "20061025 AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22567"
},
{
"name": "aol-ygp-addpicturenoalbum-bo(29795)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20747"
},
{
"name": "20061025 AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429"
},
{
"name": "ADV-2006-4197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22567"
},
{
"name": "aol-ygp-addpicturenoalbum-bo(29795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5502",
"datePublished": "2006-10-25T22:00:00.000Z",
"dateReserved": "2006-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:55:52.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5501 (GCVE-0-2006-5501)
Vulnerability from cvelistv5 – Published: 2006-10-25 22:00 – Updated: 2024-08-07 19:55
VLAI
Summary
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20745 | vdb-entryx_refsource_BID |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/4197 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1017121 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/22567 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20745"
},
{
"name": "20061025 AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430"
},
{
"name": "aol-ygp-downloadfiledirectory-bo(29797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29797"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22567"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20745"
},
{
"name": "20061025 AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430"
},
{
"name": "aol-ygp-downloadfiledirectory-bo(29797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29797"
},
{
"name": "ADV-2006-4197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22567"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20745"
},
{
"name": "20061025 AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430"
},
{
"name": "aol-ygp-downloadfiledirectory-bo(29797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29797"
},
{
"name": "ADV-2006-4197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4197"
},
{
"name": "1017121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017121"
},
{
"name": "22567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22567"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5501",
"datePublished": "2006-10-25T22:00:00.000Z",
"dateReserved": "2006-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:55:52.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0948 (GCVE-0-2006-0948)
Vulnerability from cvelistv5 – Published: 2006-08-21 18:00 – Updated: 2024-08-07 16:56
VLAI
Summary
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/secunia_research/2006-08 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3317 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18734 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/443622/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1416 | third-party-advisoryx_refsource_SREASON |
| http://www.osvdb.org/27995 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/19583 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1016717 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:14.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-08"
},
{
"name": "ADV-2006-3317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3317"
},
{
"name": "aol-default-insecure-permissions(28445)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445"
},
{
"name": "18734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18734"
},
{
"name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded"
},
{
"name": "1416",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1416"
},
{
"name": "27995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27995"
},
{
"name": "19583",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19583"
},
{
"name": "1016717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the \"America Online 9.0\" directory, which allows local users to gain privileges by replacing critical files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-08"
},
{
"name": "ADV-2006-3317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3317"
},
{
"name": "aol-default-insecure-permissions(28445)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445"
},
{
"name": "18734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18734"
},
{
"name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded"
},
{
"name": "1416",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1416"
},
{
"name": "27995",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27995"
},
{
"name": "19583",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19583"
},
{
"name": "1016717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the \"America Online 9.0\" directory, which allows local users to gain privileges by replacing critical files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-08",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-08"
},
{
"name": "ADV-2006-3317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3317"
},
{
"name": "aol-default-insecure-permissions(28445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28445"
},
{
"name": "18734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18734"
},
{
"name": "20060818 Secunia Research: AOL Insecure Default Directory Permissions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443622/100/0/threaded"
},
{
"name": "1416",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1416"
},
{
"name": "27995",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27995"
},
{
"name": "19583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19583"
},
{
"name": "1016717",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0948",
"datePublished": "2006-08-21T18:00:00.000Z",
"dateReserved": "2006-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:14.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}