America Online, Inc. Information for VU#715730

AOL You've Got Pictures ActiveX control buffer overflow

Status

Affected

Vendor Statement

Overview

America Online was recently made aware of a security vulnerability present in an ActiveX control that was distributed as part of our 8.0, 8.0+ and 9.0 Classic software. This control was also distributed via the "You've Got Pictures" web site prior to 2004. AOL 9.0 Optimized and AOL 9.0 Security Edition do not contain this control and are not affected. The control is no longer in use by any AOL systems, and is not needed in order to use AOL's "You've Got Pictures".

Affected Products and Applications

The following AOL software versions are affected by this issue:

* AOL 8.0+
* AOL 9.0 Classic

In addition, any Windows platform that has installed plug-ins from the "You've Got Pictures" website prior to 2004 is potentially affected.

Solutions

1. America Online, Inc. recommends that all active AOL users of potentially affected software (listed above) sign on to the AOL service, where a fix will automatically and transparently be applied to their systems.

2. Affected users who are not active AOL Members may download a hotfix from AOL that will address the issue. The hotfix can be downloaded from:

    http://download.newaol.com/security/YGPClean.exe


Acknowledgments

America Online, Inc. would like to thank Richard Smith for his assistance in responsibly addressing this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.