America Online, Inc. Information for VU#715730
AOL You've Got Pictures ActiveX control buffer overflow
- Vendor Information Help Date Notified: 05 Jan 2006
- Statement Date:
- Date Updated: 09 Jan 2006
America Online was recently made aware of a security vulnerability present in an ActiveX control that was distributed as part of our 8.0, 8.0+ and 9.0 Classic software. This control was also distributed via the "You've Got Pictures" web site prior to 2004. AOL 9.0 Optimized and AOL 9.0 Security Edition do not contain this control and are not affected. The control is no longer in use by any AOL systems, and is not needed in order to use AOL's "You've Got Pictures".
Affected Products and Applications
The following AOL software versions are affected by this issue:
* AOL 8.0+
* AOL 9.0 Classic
In addition, any Windows platform that has installed plug-ins from the "You've Got Pictures" website prior to 2004 is potentially affected.
1. America Online, Inc. recommends that all active AOL users of potentially affected software (listed above) sign on to the AOL service where a fix will automatically and transparently be applied to their systems.
2. Affected users who are not active AOL Members may download a hotfix from AOL that will address the issue. The hotfix can be downloaded from
America Online, Inc. would like to thank Richard Smith for his assistance to responsibly address this issue.
The vendor has not provided us with any further information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.