CVE-2006-3888
🟡 Monitor
A buffer overflow in an AOL ActiveX control allows remote code execution.
CVSS
7.5
EPSS
19.8%
Exploit
none
Vendor
aol
Source description (NVD)
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
buffer-overflow
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 19.8% |
| Published (NVD) | 2006-10-10 23:07:00 UTC |
| Last modified (NVD) | 2026-04-23 00:35:47 UTC |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420 (cret@cert.org)
- http://secunia.com/advisories/22304 (cret@cert.org)
- http://securitytracker.com/id?1017024 (cret@cert.org)
- http://www.kb.cert.org/vuls/id/661524 (cret@cert.org) [US Government Resource]
- http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8 (cret@cert.org)
- http://www.securityfocus.com/bid/20425 (cret@cert.org)
- http://www.securityfocus.com/bid/20472 (cret@cert.org)
- http://www.vupen.com/english/advisories/2006/3967 (cret@cert.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29410 (cret@cert.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29494 (cret@cert.org)