Vulnerabilities > CVE-2006-5820 - Remote Code Execution vulnerability in AOL 9.0

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
aol
critical
exploit available

Summary

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.

Vulnerable Configurations

Part Description Count
Application
Aol
1

Exploit-Db

descriptionAOL SuperBuddy ActiveX Control Remote Code Execution Exploit (meta). CVE-2006-5820. Remote exploit for windows platform
idEDB-ID:3662
last seen2016-01-31
modified2007-04-04
published2007-04-04
reporterKrad Chad
sourcehttps://www.exploit-db.com/download/3662/
titleAOL SuperBuddy ActiveX Control Remote Code Execution Exploit meta

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/55663/aol-activex.txt
idPACKETSTORM:55663
last seen2016-12-05
published2007-04-05
reporterKrad Chad
sourcehttps://packetstormsecurity.com/files/55663/aol-activex.txt.html
titleaol-activex.txt

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:6595
last seen2017-11-19
modified2007-04-07
published2007-04-07
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-6595
titleAOL SuperBuddy ActiveX Control Remote Code Execution Exploit (meta)