Vulnerability Note VU#715730

AOL You've Got Pictures ActiveX control buffer overflow

Overview

The AOL You've Got Pictures service contains a buffer overflow that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

I. Description

AOL You've Got Pictures provides digital photography storage and manipulation services for AOL users. There is a buffer overflow in an AOL YPG Picture Finder Tool ActiveX Control. This control is provided by YGPPicFinder.DLL. This vulnerability affects AOL 8.0, 8.0 Plus, and 9.0 Classic. In addition, the vulnerable control was distributed via the You've Got Pictures web site prior to 2004.

II. Impact

A remote attacker may be able to execute arbitrary code or cause a denial-of-service condition.

III. Solution

Upgrade

Upgrading to AOL 9.0 Optimized and AOL 9.0 Security Edition corrects this issue. In addition, AOL has released a hotfix to correct this issue.

Systems Affected

Vendor	Status	Date Updated
America Online, Inc.	Vulnerable	9-Jan-2006

References

http://securitytracker.com/alerts/2006/Jan/1015494.html

Credit

This vulnerability was reported by AOL. AOL credits Richard M. Smith for providing information regarding this vulnerability.

This document was written by Jeff Gennari.

Other Information

Date Public	01/16/2006
Date First Published	01/16/2006 12:07:59 PM
Date Last Updated	01/31/2006
CERT Advisory
CVE-ID(s)
NVD-ID(s)
US-CERT Technical Alerts
Metric	1.59
Document Revision	52

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader