CVE-2007-6250 - Buffer Errors vulnerability in AOL and Microsoft products

Publication

2008-01-09

Last modification

2017-08-08

Summary

Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.

Description

AOL Radio AmpX ActiveX control is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Invoking the object from a malicious website or HTML email may trigger the condition. A successful attack would corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control. This issue affects versions of 'AmpX.dll' prior to 2.6.2.6.

Solution

The vendor released an update to address this issue. Please see the references for more information.

Exploit

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor Product Versions
Microsoft Ampx 
AOL Aolmediaplaybackcontrol