AOL Active X controls open up security vulnerabilities
As part of its access software, AOL is distributing Active X controls which download images and display them as a screensaver. Buffer overflows which can be exploited to infiltrate malicious code can occur in these controls, which are part of the "You Got Pictures" system. An attacker could, for example, exploit the security vulnerabilities using prepared websites to gain control over the affected system.
Updated modules are automatically downloaded and installed when the access software logs on to the AOL service. AOL software users should therefore log onto AOL as soon as possible to ensure that their system is safely updated.
- AOL YGP Screensaver ActiveX control buffer overflow, US-CERT vulnerability note
- AOL YGP Pic Downloader Plugin ActiveX control buffer overflow, US-CERT vulnerability note
(ehe)