America Online, Inc. Information for VU#701121

Gracenote CDDB ActiveX control buffer overflow

Status

Affected

Vendor Statement

Overview

AOL has recently been made aware of a security vulnerability present in
the AOL CDDB ActiveX control. Successful exploitation of the
vulnerability may allow an attacker to execute arbitrary code on a
vulnerable system.


Affected Products and Applications

All AOL software versions are affected by this issue.


Solutions

1. Users of AOL 9.0 or AOL 9.0 Security Edition are recommended to log
in to the AOL service and a fix will be seamlessly applied to their system.

2. Users using versions of AOL that are older than 9.0 are strongly
recommended to upgrade to the latest version of AOL 9.0 Security Edition.


Acknowledgments

AOL would like to thank Secunia for their efforts in identifying and
responsibly reporting this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.