CVE-2006-6442

https://notcve.org/view.php?id=CVE-2006-6442

Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. Desbordamiento de búfer basado en pila en la función SetClientInfo en el control ActiveX CDDBControlAOL.CDDBAOLControl (cddbcontrol.dll), tal y como se usa en America Online (AOL) 7.0 4114.563, 8.0 4129.230, y 9.0 Security Edition 4156.910, y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante un argumento ClientId largo. • http://attrition.org/pipermail/vim/2006-December/001173.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html http://secunia.com/advisories/23043 http://secunia.com/secunia_research/2006-69/advisory http://securitytracker.com/id?1017357 http://www.securityfocus.com/archive/1/454105/100/0/threaded http://www.securityfocus.com/bid/21488 http://www.vupen.com/english/advisories/2006/4904 https://exchange.xforce.ibmcloud.com/vulnerabilities/30790 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •