Vulnerabilities > AOL > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2009-08-03 | CVE-2009-2404 | Buffer Errors vulnerability in Mozilla Network Security Services 3.12.3 | critical (9.3)
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Vector: network
Tags: mozilla, aol, gnome, pidgin, CWE-119

2008-01-09 | CVE-2007-6250 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | critical (9.3)
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
Vector: network
Tags: aol, microsoft, CWE-119

2007-11-14 | CVE-2007-5755 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in AOL Radio | critical (9.3)
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
Vector: network
Tags: aol, CWE-119

2007-04-02 | CVE-2006-5820 | Remote Code Execution vulnerability in AOL 9.0 | critical (9.3)
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
Vector: network
Tags: aol

2006-12-10 | CVE-2006-6442 | Buffer Errors vulnerability in AOL Client Software 7.04114.563/8.04129.230/9.0 | critical (9.3)
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.
Vector: network
Tags: aol, CWE-119

2006-01-19 | CVE-2006-0316 | Buffer Overflow vulnerability in AOL Client Software 8.0/9.0 | critical (10.0)
Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.
Vector: network, low complexity
Tags: aol

2004-11-23 | CVE-2004-0636 | Unspecified vulnerability in AOL Instant Messenger 5.5/5.5.3415Beta/5.5.3595 | critical (10.0)
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
Vector: network, low complexity
Tags: aol

2002-01-31 | CVE-2002-0005 | Remote Buffer Overflow in AOL Instant Messenger | critical (10.0)
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).
Vector: network, low complexity
Tags: aol

2001-08-31 | CVE-2001-1067 | Buffer Overflow vulnerability in AOLServer Long Authentication String | critical (10.0)
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
Vector: network, low complexity
Tags: aol