[NT] AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 12 Nov 2007 17:06:35 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities
America Online's <http://music.aol.com/radioguide/bb/> AmpX is an ActiveX
control associated with AOL Radio. It is typically used for embedding
streaming audio content in web pages.
Remote exploitation of multiple buffer overflow vulnerabilities in AOL's
AmpX ActiveX control could allow attackers to execute arbitrary code with
the credentials of the user visiting a malicious website.
* America Online's AmpX.dll version 18.104.22.168
(Other versions are suspected to be vulnerable)
Several methods within the vulnerable ActiveX control (CLSID
B49C4597-8721-4789-9250-315DFBD9F525) were found to be vulnerable to
stack-based buffer overflows. In each case, variable length attacker
supplied data is copied into a fixed-size stack buffer using the strcpy()
function. Since no input validation is performed, it is possible to
corrupt stack memory, resulting in an exploitable condition.
Exploitation allows an attacker to execute arbitrary code in the context
of the user viewing a malicious web page. In order to be successful, the
attacker must persuade a user with the vulnerable control installed into
viewing a malicious web page. No further interaction is required.
In order to prevent exploitation of this vulnerability, an administrator
can set the kill-bit for the vulnerable control. While this does not fix
the vulnerability, it does prevent the control from being loaded in
"An updated version of AOL Radio with enhanced security features is now
available. AOL recommends that you download and install the update to get
the best and most secure performance from AOL Radio. If you use AIM or
other AOL software, you will automatically receive a prompt to update AOL
Radio and you do not need to download and install this update now.
Otherwise, please download the update from the URL below and double-click
on the file to finish updating AOL Radio:
The information has been provided by iDefense.
The original article can be found at:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] Link Grammar "separate_sentence()" Buffer Overflow
- Next by Date: [UNIX] IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability
- Previous by thread: [UNIX] Link Grammar "separate_sentence()" Buffer Overflow
- Next by thread: [UNIX] IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability