Security company Secunia confirmed the flaw

Dec 8, 2006 10:11 GMT

America Online, or just AOL, is one of the most used services on the Internet, representing a solution that never had problems with vulnerabilities, flaws or other types of infections. As you can see, nobody is safe anymore, not even Google, which is becoming one of the main targets for attackers looking to exploit every vulnerability.

Today, security company Secunia announced that a vulnerability that can allow the execution of arbitrary code was reported in AOL. The researchers of the company were informed of the flaw and, after a closer look, they confirmed the vulnerability.

"Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing the first argument passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes)," the company said.

Successful exploitation of the vulnerability allows the execution of arbitrary code, which gives the attacker control of the system, when a user visits a dangerous site with Internet Explorer.
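The boundary error in the advisory comes down to copying a caller-supplied string into a fixed 256-byte buffer without checking its length. The C code below is an added example, not AOL's or Secunia's code: the struct and function names are hypothetical, and only the 256-byte limit is taken from the advisory. It puts the unchecked copy beside a version that rejects any argument that does not fit together with its terminator.

```c
#include <stdio.h>
#include <string.h>

#define CLIENT_INFO_MAX 256 /* the 256-byte limit quoted in the advisory */

/* Hypothetical stand-in for the control's state; the real layout is not public. */
struct client_state { char info[CLIENT_INFO_MAX]; };

/* The flawed pattern, for contrast only (never called): the copy trusts the
 * caller's length, so a longer argument writes past the fixed-size buffer. */
void set_client_info_unchecked(struct client_state *st, const char *arg) {
    strcpy(st->info, arg);
}

/* Hardened form: returns 0 on success, -1 if the argument is missing or
 * does not fit together with its terminating NUL. */
int set_client_info_checked(struct client_state *st, const char *arg) {
    if (st == NULL || arg == NULL)
        return -1;
    /* Look for the terminator within the buffer size only, so an oversized
     * argument is never walked in full. */
    const char *end = memchr(arg, '\0', CLIENT_INFO_MAX);
    if (end == NULL)
        return -1; /* 256 bytes or more: no room for the NUL, reject */
    memcpy(st->info, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Builds a constructed argument of n 'A' bytes (n < 1024) and reports the
 * checked setter's verdict. */
int try_length(struct client_state *st, size_t n) {
    char arg[1024];
    memset(arg, 'A', n);
    arg[n] = '\0';
    return set_client_info_checked(st, arg);
}

int main(void) {
    struct client_state st = { "unset" };
    size_t sizes[] = { 16, 255, 256, 300 }; /* constructed test lengths */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%3zu bytes -> %s\n", sizes[i],
               try_length(&st, sizes[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Rejecting the call, rather than silently truncating, leaves the previous value untouched and gives the caller an error to handle.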

The company rated the flaw as "highly critical" and said that while the flaw exists in America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910, other versions may also be affected.

Carsten Eiram of Secunia Research also published the solution for the vulnerability, saying that updates are already available for AOL 9.x users when they log in to their AOL account. All you need to do is accept the automatic updates provided by the company when the first screen after the login process appears.