PT-2007-1187 · America Online · Superbuddy Activex Control+1

Cody Pierce

Published

2007-04-02

Updated

2018-10-17

CVE-2006-5820

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: America Online version 9.0 Security Edition

Description: The issue concerns the LinkSBIcons method in the SuperBuddy ActiveX control, which dereferences an arbitrary function pointer. This allows remote attackers to execute arbitrary code via a modified pointer value.

Recommendations: For America Online version 9.0 Security Edition, consider disabling the LinkSBIcons method in the SuperBuddy ActiveX control as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5820

Affected Products

America Online

Superbuddy Activex Control

PT-2007-1187 · America Online · Superbuddy Activex Control+1

CVE-2006-5820

Related Identifiers

Affected Products

References · 11