| VID |
28129 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Windows host has an AOL You've Got Pictures ActiveX control that is vulnerable to a buffer overflow vulnerability. AOL You've Got Pictures provides digital photography storage and manipulation services for AOL users. The AOL YPG Picture Finder Tool ActiveX control (in YGPPicFinder.DLL) contains a buffer overflow vulnerability. The control was distributed as part of AOL 8.0, 8.0+, and 9.0 Classic and via the "You've Got Pictures" web site prior to 2004. A remote attacker can create a malicious Web page that, when loaded by the target user, will load the affected ActiveX control and potentially execute arbitrary code on the target system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.kb.cert.org/vuls/id/715730
http://www.frsirt.com/english/advisories/2006/0221
http://securitytracker.com/alerts/2006/Jan/1015494.html
* Platforms Affected:
AOL/Time Warner, AOL 8.0, AOL 8.0 Plus, AOL 9.0 Classic
Microsoft Windows Any version |
| Recommendation |
Upgrade to AOL 9.0 Optimized or AOL 9.0 Security Edition.
-- OR --
Download and run AOL's removal tool (YPGClean.exe), available from the AOL Download Web site at http://download.newaol.com/security/ |
| Related URL |
CVE-2006-0316 (CVE) |
| Related URL |
16262 (SecurityFocus) |
| Related URL |
24160 (ISS) |
|
