Notified:  January 05, 2006 Updated: January 09, 2006

Status

Affected

Vendor Statement

Overview America Online was recently made aware of a security vulnerability present in an ActiveX control that was distributed as part of our 8.0, 8.0+ and 9.0 Classic software. This control was also distributed via the "You've Got Pictures" web site prior to 2004. AOL 9.0 Optimized and AOL 9.0 Security Edition do not contain this control and are not affected. The control is no longer in use by any AOL systems, and is not needed in order to use AOL's "You've Got Pictures". Affected Products and Applications The following AOL software versions are affected by this issue: * AOL 8.0+ * AOL 9.0 Classic In addition, any Windows platform that has installed plug-ins from the "You've Got Pictures" website prior to 2004 is potentially affected. Solutions 1. America Online, Inc. recommends that all active AOL users of potentially affected software (listed above) sign on to the AOL service where a fix will automatically and transparently be applied to their systems. 2. Affected users who are not active AOL Members may download a hotfix from AOL that will address the issue. The hotfix can be downloaded from http://download.newaol.com/security/YGPClean.exe Acknowledgments America Online, Inc. would like to thank Richard Smith for his assistance to responsibly address this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.