TITLE:
AOL YGP ActiveX Controls Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA22304

VERIFY ADVISORY:
http://secunia.com/advisories/22304/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
AOL 8.x
http://secunia.com/product/6839/
AOL 9.x
http://secunia.com/product/6840/

DESCRIPTION:
CERT/CC has reported two vulnerabilities in AOL, which can be
exploited by malicious people to compromise a user's system.

The vulnerabilities are caused by unspecified boundary errors
within the AOL YGP (You've Got Pictures) Screensaver and the AOL YGP
(You've Got Pictures) Pic Downloader ActiveX controls. This can be
exploited to cause a buffer overflow when e.g. visiting a malicious
website.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Updates are automatically available by logging into the AOL service.

PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC.

ORIGINAL ADVISORY:
US-CERT VU#154641:
http://www.kb.cert.org/vuls/id/154641

US-CERT VU#661524:
http://www.kb.cert.org/vuls/id/661524

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------