Vulnerabilities > CVE-2006-5820 - Remote Code Execution vulnerability in AOL 9.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
Exploit-Db
description | AOL SuperBuddy ActiveX Control Remote Code Execution Exploit (meta). CVE-2006-5820. Remote exploit for windows platform |
id | EDB-ID:3662 |
last seen | 2016-01-31 |
modified | 2007-04-04 |
published | 2007-04-04 |
reporter | Krad Chad |
source | https://www.exploit-db.com/download/3662/ |
title | AOL SuperBuddy ActiveX Control Remote Code Execution Exploit meta |
Packetstorm
data source | https://packetstormsecurity.com/files/download/55663/aol-activex.txt |
id | PACKETSTORM:55663 |
last seen | 2016-12-05 |
published | 2007-04-05 |
reporter | Krad Chad |
source | https://packetstormsecurity.com/files/55663/aol-activex.txt.html |
title | aol-activex.txt |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:6595 |
last seen | 2017-11-19 |
modified | 2007-04-07 |
published | 2007-04-07 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-6595 |
title | AOL SuperBuddy ActiveX Control Remote Code Execution Exploit (meta) |
References
- http://osvdb.org/34318
- http://secunia.com/advisories/24714
- http://securityreason.com/securityalert/2513
- http://www.kb.cert.org/vuls/id/478225
- http://www.securityfocus.com/archive/1/464313/100/0/threaded
- http://www.securityfocus.com/bid/23224
- http://www.tippingpoint.com/security/advisories/TSRT-07-03.html
- http://www.vupen.com/english/advisories/2007/1184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33347