PT-2006-7051 · Aol · Cddbcontrolaol.Cddbaolcontrol
Published: 2006-12-10 · Updated: 2018-10-17
CVE-2006-6442
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
CDDBControlAOL.CDDBAOLControl ActiveX control versions in America Online (AOL) 7.0 4114.563 through 9.0 Security Edition 4156.910
Description
A stack-based buffer overflow in the SetClientInfo function allows remote attackers to execute arbitrary code via a long ClientId argument.
Recommendations
For versions 7.0 4114.563 through 9.0 Security Edition 4156.910, consider disabling the SetClientInfo function until a patch is available.
Restrict access to the cddbcontrol.dll module to minimize the risk of exploitation.
Avoid using the ClientId argument in the affected ActiveX control until the issue is resolved.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Cddbcontrolaol.Cddbaolcontrol