PT-2008-1660 · AOL · AOL You've Got Pictures

Published: 2008-02-04 · Updated: 2008-11-15 · CVE-2007-6699

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: AOL You've Got Pictures (YGP) Picture Editor version 9.5.1.8

Description: The issue concerns multiple buffer overflows in the AIM PicEditor ActiveX control. These overflows can be triggered by a long string in various property values, including DisplayName, FinalSavePath, ForceSaveTo, HiddenControls, InitialEditorScreen, Locale, Proxy, and UserAgent. This can cause a denial of service, resulting in a browser crash.

Recommendations: For version 9.5.1.8, consider restricting the input length for the DisplayName, FinalSavePath, ForceSaveTo, HiddenControls, InitialEditorScreen, Locale, Proxy, and UserAgent properties to prevent buffer overflows. As a temporary workaround, avoid using long strings in these property values until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-6699

Affected Products

AOL You've Got Pictures