Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

America Online, Inc. Information for VU#154641

Date Notified:2006-07-13
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

Overview

AOL has recently been made aware of a security vulnerability present in
two ActiveX controls available with AOL client software. The two
vulnerable controls are:

* YGP Pic Downloader - Shipped with AOL "You've Got Pictures" software
* YGP ScreenSaver - Screensaver add-on for the AOL "You've Got Pictures"
software

Successful exploitation of either vulnerability may result in an
attacker being able to execute arbitrary code on a vulnerable system.


Affected Products and Applications

All AOL software versions are affected by this issue.


Solutions

1.  Users of AOL 9.0 or AOL 9.0 Security Edition are recommended to log
in to the AOL service and a fix will be seamlessly applied to their system.

2.  Users using versions of AOL that are older than 9.0 are strongly
recommended to upgrade to the latest version of AOL 9.0 Security Edition.


Acknowledgments

AOL would like to thank CERT/CC for their assistance in identifying and
responsibly reporting these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2010 by US-CERT, a government organization
Disclaimers and copyright information