PT-2008-1660 · AOL · AOL You've Got Pictures
Published: 2008-02-04 · Updated: 2008-11-15
CVE-2007-6699
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
AOL You've Got Pictures (YGP) Picture Editor version 9.5.1.8
Description
The issue concerns multiple buffer overflows in the AIM PicEditor ActiveX control. These overflows can be triggered by a long string in various property values, including DisplayName, FinalSavePath, ForceSaveTo, HiddenControls, InitialEditorScreen, Locale, Proxy, and UserAgent. This can cause a denial of service, resulting in a browser crash.
Recommendations
For version 9.5.1.8, consider restricting the input length for the DisplayName, FinalSavePath, ForceSaveTo, HiddenControls, InitialEditorScreen, Locale, Proxy, and UserAgent properties to prevent buffer overflows. As a temporary workaround, avoid using long strings in these property values until a patch is available.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
AOL You've Got Pictures