Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Webmaster / SEO-Related

SEO-Related

AOL Vulnerability!

Security company Secunia confirmed the flaw

By Bogdan Popa, Security and Search Engines Editor

8th of December 2006, 10:11 GMT

Adjust text size:


America Online, or just AOL, is one of the most used services on the internet, representing a solution that never had problems with vulnerabilities, flaws or other types of infections.
As you can see, nobody is safe anymore, not even Google that is becoming one of the main targets for attackers that are looking to exploit all vulnerabilities.

Today, security company Secunia announced that a vulnerability that can allow the execution of arbitrary code was
reported in AOL. The researchers of the company were informed of the flaw and, after a closer look, they confirmed the vulnerability.

"Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing the first argument passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes)," the company said.

A successful exploitation of the vulnerability allows the execution of an arbitrary code that will offer the control of the system when a user visits a dangerous site with Internet Explorer.

The company rated the flaw as "highly critical" and said that while the flaw exists in America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910, other versions may also be affected.

Carsten Eiram, Secunia Research, also published the solution for the vulnerability, saying that updates are already available for AOL 9.x users when they log in into the AOL account. All you need to do is to accept the automatically updates provided by the company when the first screen after the log in process appears.


Rating:
Very Good (4.0/5) 3 vote(s) so far    

Read by 782 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


PowerPoint Crashing Bug Not a Security Vulnerability

Firefox Password Manager Vulnerability

One More Google Vulnerability!

CRITICAL Vulnerability in Adobe Download Manager

Intel LAN Driver Vulnerability

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive