In association with heise online

12 November 2007, 12:48

Radio listening with side effects

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Users of AOL's Internet radio should install an AOL ActiveX control update to avoid having their PCs infected by specially crafted web pages. According to iDefense, attackers can provoke several buffer overflows in the AmpX.dll control to inject and execute arbitrary code on a PC. This results from use of the strcpy function in several modules without checking the length of the parameters submitted.

The flaw was detected in version 2.6.1.11 of AOL's AmpX.dll, but earlier versions are also likely to be affected. According to AOL, the update is delivered to users of AIM and other AOL software automatically. As an alternative, AOL is also offering a patch (.EXE file) for download.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-733944
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit