CVE-2009-3658 – AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution
https://notcve.org/view.php?id=CVE-2009-3658
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
• https://www.exploit-db.com/exploits/9992
• http://retrogod.altervista.org/9sg_aol_91_superbuddy.html
• http://secunia.com/advisories/36919
• http://www.securityfocus.com/archive/1/506889/100/0/threaded
• http://www.securityfocus.com/bid/36580
• http://www.vupen.com/english/advisories/2009/2812
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53614
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704
• CWE-416: Use After Free
CVE-2009-2404 – nss regexp heap overflow
https://notcve.org/view.php?id=CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
• http://rhn.redhat.com/errata/RHSA-2009-1185.html
• http://secunia.com/advisories/36088
• http://secunia.com/advisories/36102
• http://secunia.com/advisories/36125
• http://secunia.com/advisories/36139
• http://secunia.com/advisories/36157
• http://secunia.com/advisories/36434
• http://secunia.com/advisories/37098
• http://secunia.com/advisories/39428
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6699 – AOL Picture Editor 'YGPPicEdit.dll' ActiveX Control 9.5.1.8 - Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6699
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.
• https://www.exploit-db.com/exploits/30936
• http://osvdb.org/41198
• http://seclists.org/fulldisclosure/2007/Dec/0561.html
• http://seclists.org/fulldisclosure/2007/Dec/0574.html
• http://www.securityfocus.com/bid/27026
• http://www.securitytracker.com/id?1019143
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6250
https://notcve.org/view.php?id=CVE-2007-6250
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
• http://secunia.com/advisories/28399
• http://www.kb.cert.org/vuls/id/568681
• http://www.securityfocus.com/bid/27207
• http://www.securitytracker.com/id?1019173
• http://www.vupen.com/english/advisories/2008/0085
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39592
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5755
https://notcve.org/view.php?id=CVE-2007-5755
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=623
• http://osvdb.org/38705
• http://secunia.com/advisories/27622
• http://www.securityfocus.com/bid/26396
• http://www.securitytracker.com/id?1018929
• http://www.vupen.com/english/advisories/2007/3822
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38397
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer