Vulnerabilities > AOL

DATE CVE VULNERABILITY TITLE RISK
2007-09-14 CVE-2007-4901 Remote Script Code Execution vulnerability in AOL AIM Lite, AIM PRO and Instant Messenger
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.
network, aol, 5.8

2007-04-10 CVE-2007-1904 Directory Traversal vulnerability in AOL ICQ and Instant Messenger
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a ..
network, aol, 4.3

2007-04-02 CVE-2006-5820 Remote Code Execution vulnerability in AOL 9.0
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
network, aol, critical, 9.3

2007-03-30 CVE-2007-1767 Denial-Of-Service vulnerability in AOL Client Software 9.0
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.
network, low complexity, aol, 7.8

2006-12-10 CVE-2006-6442 Buffer Errors vulnerability in AOL Client Software 7.04114.563/8.04129.230/9.0
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.
network, aol, CWE-119, critical, 9.3

2006-11-07 CVE-2006-5650 Remote Code Execution vulnerability in AOL ICQ 5.1
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
network, low complexity, aol, 7.5

2006-10-25 CVE-2006-5502 Buffer Overflow vulnerability in AOL 9.0
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.
network, low complexity, aol, 7.5

2006-10-25 CVE-2006-5501 Buffer Overflow vulnerability in AOL 9.0
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.
network, low complexity, aol, 7.5

2006-10-10 CVE-2006-3888 Buffer Overflow vulnerability in AOL You've Got Pictures ActiveX Controls
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
network, low complexity, aol, 7.5

2006-10-10 CVE-2006-3887 Buffer Overflow vulnerability in AOL You've Got Pictures ActiveX Controls
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
network, low complexity, aol, 7.5