CVSS: 9.3EPSS: 59%CPEs: 1EXPL: 1CVE-2006-5820 – AOL SuperBuddy - ActiveX Control Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-5820
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. El método LinkSBIcons en el control ActiveX SuperBuddy (Sb.SuperBuddy.1) en America Online 9.0 Security Edition referencia a un puntero de función de su eleción, lo cual permite a atacantes remotos ejecutar código de su elección a través del valor de puntero modificado. • https://www.exploit-db.com/exploits/3662 http://osvdb.org/34318 http://secunia.com/advisories/24714 http://securityreason.com/securityalert/2513 http://www.kb.cert.org/vuls/id/478225 http://www.securityfocus.com/archive/1/464313/100/0/threaded http://www.securityfocus.com/bid/23224 http://www.tippingpoint.com/security/advisories/TSRT-07-03.html http://www.vupen.com/english/advisories/2007/1184 https://exchange.xforce.ibmcloud.com/vulnerabilities/33347 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1767
https://notcve.org/view.php?id=CVE-2007-1767
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. Vulnerabilidad no especificada en (1) Deskbar.dll y (2) Toolbar.dll en AOL 9.0 anterior a febrero de 2007 permite a atacantes remotos provocar una denegación de servicio (cierre del navegador) a través de vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2007-03/0392.html http://osvdb.org/35207 https://exchange.xforce.ibmcloud.com/vulnerabilities/33309 •
CVSS: 9.3EPSS: 13%CPEs: 3EXPL: 0CVE-2006-6442
https://notcve.org/view.php?id=CVE-2006-6442
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. Desbordamiento de búfer basado en pila en la función SetClientInfo en el control ActiveX CDDBControlAOL.CDDBAOLControl (cddbcontrol.dll), tal y como se usa en America Online (AOL) 7.0 4114.563, 8.0 4129.230, y 9.0 Security Edition 4156.910, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante un argumento ClientId largo. • http://attrition.org/pipermail/vim/2006-December/001173.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html http://secunia.com/advisories/23043 http://secunia.com/secunia_research/2006-69/advisory http://securitytracker.com/id?1017357 http://www.securityfocus.com/archive/1/454105/100/0/threaded http://www.securityfocus.com/bid/21488 http://www.vupen.com/english/advisories/2006/4904 https://exchange.xforce.ibmcloud.com/vulnerabilities/30790 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 2CVE-2006-5650 – America Online ICQ ActiveX Control Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-5650
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. El control ActiveX ICQPhone.SipxPhoneManager en America Online ICQ 5.1 permite a atacantes remotos bajar y ejecutar código de su elección mediante la función DownloadAgent, como ha sido demostrado usando un avatar ICQ. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of AOL ICQ. User interaction is not required to exploit this vulnerability. The specific flaw exists in the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control with the following CLSID: 54BDE6EC-F42F-4500-AC46-905177444300 The vulnerable function takes a single URI argument of a file to download and execute under the context of the running user. A malicious ICQ avatar can be used as an exploitation vector, allowing attackers to exploit this vulnerability by simply messaging a target ICQ user. • https://www.exploit-db.com/exploits/28916 https://www.exploit-db.com/exploits/16554 http://secunia.com/advisories/22670 http://securityreason.com/securityalert/1830 http://securitytracker.com/id?1017163 http://www.securityfocus.com/archive/1/450726/100/0/threaded http://www.securityfocus.com/bid/20930 http://www.vupen.com/english/advisories/2006/4362 http://www.zerodayinitiative.com/advisories/ZDI-06-037.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30059 •
CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0CVE-2006-5501
https://notcve.org/view.php?id=CVE-2006-5501
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. Desbordamiento del buffer en el control Active X AOL.PicDownloadCtrl.1 YGPPicDownload.dll) 9.2.3.0 en America Online (AOL) 9.0 Security Edition permite a atacantes remotos la ejecución de código de su elección mediante la propiedad downloadFileDirectory. Vulnerabilidad distinta a la CVE-2006-5502. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430 http://secunia.com/advisories/22567 http://securitytracker.com/id?1017121 http://www.securityfocus.com/bid/20745 http://www.vupen.com/english/advisories/2006/4197 https://exchange.xforce.ibmcloud.com/vulnerabilities/29797 •