Notified:  March 13, 2006 Updated: October 09, 2006

Status

Affected

Vendor Statement

Overview AOL has recently been made aware of a security vulnerability present in two ActiveX controls available with AOL client software. The two vulnerable controls are: * YGP Pic Downloader - Shipped with AOL "You've Got Pictures" software * YGP ScreenSaver - Screensaver add-on for the AOL "You've Got Pictures" software Successful exploitation of either vulnerability may result in an attacker being able to execute arbitrary code on a vulnerable system. Affected Products and Applications All AOL software versions are affected by this issue. Solutions 1. Users of AOL 9.0 or AOL 9.0 Security Edition are recommended to log in to the AOL service and a fix will be seamlessly applied to their system. 2. Users using versions of AOL that are older than 9.0 are strongly recommended to upgrade to the latest version of AOL 9.0 Security Edition. Acknowledgments AOL would like to thank CERT/CC for their assistance in identifying and responsibly reporting these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.