CVSS: 9.3EPSS: 59%CPEs: 1EXPL: 1CVE-2006-5820 – AOL SuperBuddy - ActiveX Control Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-5820
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. El método LinkSBIcons en el control ActiveX SuperBuddy (Sb.SuperBuddy.1) en America Online 9.0 Security Edition referencia a un puntero de función de su eleción, lo cual permite a atacantes remotos ejecutar código de su elección a través del valor de puntero modificado. • https://www.exploit-db.com/exploits/3662 http://osvdb.org/34318 http://secunia.com/advisories/24714 http://securityreason.com/securityalert/2513 http://www.kb.cert.org/vuls/id/478225 http://www.securityfocus.com/archive/1/464313/100/0/threaded http://www.securityfocus.com/bid/23224 http://www.tippingpoint.com/security/advisories/TSRT-07-03.html http://www.vupen.com/english/advisories/2007/1184 https://exchange.xforce.ibmcloud.com/vulnerabilities/33347 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1767
https://notcve.org/view.php?id=CVE-2007-1767
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. Vulnerabilidad no especificada en (1) Deskbar.dll y (2) Toolbar.dll en AOL 9.0 anterior a febrero de 2007 permite a atacantes remotos provocar una denegación de servicio (cierre del navegador) a través de vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2007-03/0392.html http://osvdb.org/35207 https://exchange.xforce.ibmcloud.com/vulnerabilities/33309 •
CVSS: 9.3EPSS: 13%CPEs: 3EXPL: 0CVE-2006-6442
https://notcve.org/view.php?id=CVE-2006-6442
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. Desbordamiento de búfer basado en pila en la función SetClientInfo en el control ActiveX CDDBControlAOL.CDDBAOLControl (cddbcontrol.dll), tal y como se usa en America Online (AOL) 7.0 4114.563, 8.0 4129.230, y 9.0 Security Edition 4156.910, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante un argumento ClientId largo. • http://attrition.org/pipermail/vim/2006-December/001173.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html http://secunia.com/advisories/23043 http://secunia.com/secunia_research/2006-69/advisory http://securitytracker.com/id?1017357 http://www.securityfocus.com/archive/1/454105/100/0/threaded http://www.securityfocus.com/bid/21488 http://www.vupen.com/english/advisories/2006/4904 https://exchange.xforce.ibmcloud.com/vulnerabilities/30790 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0CVE-2006-5501
https://notcve.org/view.php?id=CVE-2006-5501
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. Desbordamiento del buffer en el control Active X AOL.PicDownloadCtrl.1 YGPPicDownload.dll) 9.2.3.0 en America Online (AOL) 9.0 Security Edition permite a atacantes remotos la ejecución de código de su elección mediante la propiedad downloadFileDirectory. Vulnerabilidad distinta a la CVE-2006-5502. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=430 http://secunia.com/advisories/22567 http://securitytracker.com/id?1017121 http://www.securityfocus.com/bid/20745 http://www.vupen.com/english/advisories/2006/4197 https://exchange.xforce.ibmcloud.com/vulnerabilities/29797 •
CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0CVE-2006-5502
https://notcve.org/view.php?id=CVE-2006-5502
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. Desbordamiento del buffer basado en pilas en el control de ActiveX AOL.PicDownloadCtrl.1 (YGPPicDownload.dll) 9.2.3.0 en America Online (AOL) 9.0 Security Edition permite a atacantes remotos la ejecución de código de su elección mediante el método AddPictureNoAlbum. Vulnerabilidad distinta a la CVE-2006-5501. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429 http://secunia.com/advisories/22567 http://securitytracker.com/id?1017121 http://www.securityfocus.com/bid/20747 http://www.vupen.com/english/advisories/2006/4197 https://exchange.xforce.ibmcloud.com/vulnerabilities/29795 •