CVE-2009-3658 - Use After Free vulnerability in AOL SuperBuddy ActiveX Control 9.5.0.1

047910
CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, aol, CWE-416, exploit available

Summary

Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.

Vulnerable Configurations

Part: Application
Description: Aol
Count: 1

Common Weakness Enumeration (CWE)

Exploit-Db

description: AOL 9.1 SuperBuddy ActiveX Control remote code execution. CVE-2009-3658. Remote exploit for windows platform
id: EDB-ID:9992
last seen: 2016-02-01
modified: 2009-10-01
published: 2009-10-01
reporter: Trotzkista
source: https://www.exploit-db.com/download/9992/
title: AOL 9.1 SuperBuddy ActiveX Control Remote code execution

Oval

accepted: 2011-08-22T04:01:34.527-04:00
class: vulnerability
contributors:
  • name: Antu Sanadi
    organization: SecPod Technologies
  • name: Todd Dolinsky
    organization: Hewlett-Packard
  • name: Shane Shaffer
    organization: G2, Inc.
definition_extensions:
  comment: AOL is installed
  oval: oval:org.mitre.oval:def:6607
description: Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
family: windows
id: oval:org.mitre.oval:def:6704
status: accepted
submitted: 2009-11-25T18:28:46
title: AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability.
version: 24