Radio listening with side effects
Users of AOL's Internet radio should install an AOL ActiveX control update to avoid having their PCs infected by specially crafted web pages. According to iDefense, attackers can provoke several buffer overflows in the AmpX.dll control to inject and execute arbitrary code on a PC. The overflows result from several modules calling the strcpy function without checking the length of the parameters submitted.
The flaw was detected in version 2.6.1.11 of AOL's AmpX.dll, but earlier versions are also likely to be affected. According to AOL, the update is delivered to users of AIM and other AOL software automatically. As an alternative, AOL is also offering a patch (.EXE file) for download.
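The bug class described above, an unchecked strcpy into a fixed-size buffer, shown beside a length-checked form. This is an added example, not code from AmpX.dll or from the advisory; the struct, the function names and the 64-byte buffer size are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 64   /* assumed buffer size, not taken from AmpX.dll */

/* Hypothetical object state standing in for a control's internal fields. */
struct player {
    char station[NAME_CAP];
    int  volume;      /* adjacent field that an overflow would corrupt */
};

/* Unchecked pattern: a caller-supplied string is copied with no length
 * test, so any param of NAME_CAP bytes or more writes past station[]. */
int set_station_unchecked(struct player *p, const char *param)
{
    strcpy(p->station, param);
    return 0;
}

/* Hardened form: find the terminator within the buffer size first and
 * reject anything that does not fit, instead of truncating silently. */
int set_station_checked(struct player *p, const char *param)
{
    const char *nul;
    if (p == NULL || param == NULL)
        return -1;
    nul = memchr(param, '\0', NAME_CAP);   /* scans at most NAME_CAP bytes */
    if (nul == NULL)                       /* no NUL in range: too long */
        return -1;
    memcpy(p->station, param, (size_t)(nul - param) + 1);
    return 0;
}

/* Constructed input: 200 'A' bytes, longer than the buffer. Returns 1 when
 * the call is rejected and the object state is left untouched. */
int demo_reject_long(void)
{
    struct player p = { "default", 7 };
    char big[201];
    int rc;

    memset(big, 'A', 200);
    big[200] = '\0';
    rc = set_station_checked(&p, big);
    return rc == -1 && p.volume == 7 && strcmp(p.station, "default") == 0;
}

int main(void)
{
    printf("long input rejected, state intact: %d\n", demo_reject_long());
    return 0;
}
```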
- AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities, iDefense advisory
(mba)