In association with heise online

27 October 2006, 18:37

More problems with dodgy AOL Active X controls

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Vulnerabilities in AOL's "You Got Pictures" (YGP) screen saver may allow an attacker to gain control over systems on which AOL access software is installed. Security services provider iDefense reports that the bug involves a buffer overflow in the downloadFileDirectory and AddPictureNoAlbum functions in the YGPPDownload Active X control. Internet Explorer users may find themselves picking up malicious software through this vulnerability when surfing on manipulated websites on the internet. Just two weeks ago, security experts discovered comparable flaws in the YGP components.

iDefense recommends all AOL version 9.0 users to log on to the AOL service in order to start the automatic update mechanism. This fixes the flaw by installing a patched version. Users of older versions of the access software do not, however, enjoy the benefits of automatic updates. They are recommended to update to AOL version 9.0 as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit