CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 0CVE-2006-5502
https://notcve.org/view.php?id=CVE-2006-5502
25 Oct 2006 — Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. Desbordamiento del buffer basado en pilas en el control de ActiveX AOL.PicDownloadCtrl.1 (YGPPicDownload.dll) 9.2.3.0 en America Online (AOL) 9.0 Security Edition permite a atacantes remotos la ejecución de código de su elección mediant... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429 •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 0CVE-2006-3887
https://notcve.org/view.php?id=CVE-2006-3887
10 Oct 2006 — Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el control ActiveX AOL You've Got Pictures (YGP) Screensaver permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/22304 •
CVSS: 9.8EPSS: 29%CPEs: 1EXPL: 0CVE-2006-3888
https://notcve.org/view.php?id=CVE-2006-3888
10 Oct 2006 — Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. Desbordamiento de búfer en el control ActiveX de AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), como el utilizado en la Edición de Seguridad America Online 9.0, permite a a... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0948
https://notcve.org/view.php?id=CVE-2006-0948
21 Aug 2006 — AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. AOL 9.0 Security Edition revision 4184.2340, y probablemente otras versiones, utiliza permisos inseguros (Todos/Control Total) para el directorio "America Online 9.0", lo que permite a usuarios locales obtener privilegios mediante el reemplazo de archivos críticos. • http://secunia.com/advisories/18734 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2006-0629
https://notcve.org/view.php?id=CVE-2006-0629
10 Feb 2006 — Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow. • http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0948.html •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2006-0526
https://notcve.org/view.php?id=CVE-2006-0526
02 Feb 2006 — The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program. • http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf •
CVSS: 10.0EPSS: 32%CPEs: 3EXPL: 0CVE-2006-0316
https://notcve.org/view.php?id=CVE-2006-0316
19 Jan 2006 — Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. • http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2597
https://notcve.org/view.php?id=CVE-2005-2597
17 Aug 2005 — AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. • http://archives.neohapsis.com/archives/ntbugtraq/2005-08/0009.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-1891
https://notcve.org/view.php?id=CVE-2005-1891
08 Jun 2005 — The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. • http://marc.info/?l=bugtraq&m=111816939928640&w=2 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 2CVE-2005-1655 – AOL Instant Messenger 4.x/5.x - Smiley Icon Location Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-1655
18 May 2005 — AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. • https://www.exploit-db.com/exploits/25633 •