Vulnerability Note VU#715730

AOL You've Got Pictures ActiveX control buffer overflow

Original Release date: 16 Jan 2006 | Last revised: 31 Jan 2006


The AOL You've Got Pictures service contains a buffer overflow that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.


AOL You've Got Pictures provides digital photography storage and manipulation services for AOL users. There is a buffer overflow in an AOL YPG Picture Finder Tool ActiveX Control. This control is provided by YGPPicFinder.DLL. This vulnerability affects AOL 8.0, 8.0 Plus, and 9.0 Classic. In addition, the vulnerable control was distributed via the You've Got Pictures web site prior to 2004.


A remote attacker may be able to execute arbitrary code or cause a denial-of-service condition.



Upgrading to AOL 9.0 Optimized and AOL 9.0 Security Edition corrects this issue. In addition, AOL has released a hotfix to correct this issue.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
America Online, Inc.Affected05 Jan 200609 Jan 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported by AOL. AOL credits Richard M. Smith for providing information regarding this vulnerability.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 16 Jan 2006
  • Date First Published: 16 Jan 2006
  • Date Last Updated: 31 Jan 2006
  • Severity Metric: 1.59
  • Document Revision: 52


If you have feedback, comments, or additional information about this vulnerability, please send us email.