Intrusion Prevention

AOL.YGPPDownload.ActiveX.Control.Client-Side.Buffer.Overflow

Description

This indicates a possible exploit of a buffer overflow vulnerability in the "AOL.PicDownloadCtrl.1" ActiveX control (YGPPicDownload.dll).
This issue is due to buffer overflow errors in the "YGPPDownload" ActiveX control when processing malformed arguments passed to the "AddPictureNoAlbum()" method and the "downloadFileDirectory" property.

Affected Products

AOL version 9.0 and prior.
AOL version 9.0 (Security Edition) and prior.

Impact

The execution of arbitrary code on the system.

Recommended Actions

Log in to the AOL service to apply patches automatically :
http://free.aol.com/downloadaol

CVE References

CVE-2006-5502 CVE-2006-5501