lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1165831784.2682.238.camel@ts4.intnet>
Date: Mon, 11 Dec 2006 11:09:44 +0100
From: Secunia Research <remove-vuln@...unia.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Secunia Research: AOL CDDBControl ActiveX
	Control	"SetClientInfo()" Buffer Overflow

====================================================================== 

                     Secunia Research 08/12/2006                      

- AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
Vendor Statement.....................................................8
References...........................................................9
About Secunia.......................................................10
Verification........................................................11

====================================================================== 
1) Affected Software 

- America Online 7.0 revision 4114.563
- AOL 8.0 revision 4129.230
- AOL 9.0 Security Edition revision 4156.910

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly critical
Impact: System compromise
Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

Product Link:
http://downloads.channel.aol.com/windowsproducts 

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in AOL, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the
"CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when
processing "ClientId" arguments passed to the "SetClientInfo()"
method. This can be exploited to cause a stack-based buffer overflow
by passing an overly long string (more than 256 bytes).

Successful exploitation allows execution of arbitrary code when a user
visits a malicious website with Internet Explorer. In order to exploit
the vulnerability, a certain registry value has to be set to "1111".
This is not set by default, but can be set up automatically by first
instantiating the bundled CerberusCDPlayer ActiveX control.

====================================================================== 
5) Solution 

Updates are automatically available for AOL 9.x users when logging
into the AOL service.

====================================================================== 
6) Time Table 

23/11/2006 - Vendor notified.
24/11/2006 - Provided additional information to the vendor.
24/11/2006 - Vendor response.
08/12/2006 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) Vendor Statement

Overview

AOL has recently been made aware of a security vulnerability present
in the AOL CDDB ActiveX control.  Successful exploitation of the
vulnerability may allow an attacker to execute arbitrary code on a
vulnerable system.


Affected Products and Applications

All AOL software versions are affected by this issue.


Solutions

1.  Users of AOL 9.0 or AOL 9.0 Security Edition are recommended to
log in to the AOL service and a fix will be seamlessly applied to
their system.

2.  Users using versions of AOL that are older than 9.0 are strongly
recommended to upgrade to the latest version of AOL 9.0 Security
Edition.


Acknowledgements

AOL would like to thank Secunia for their efforts in identifying and
responsibly reporting this issue.

====================================================================== 
9) References

The Common Vulnerabilities and Exposures (CVE) project has not
currently assigned a CVE identifier for the security issue.

====================================================================== 
10) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to
see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/ 

====================================================================== 
11) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-69/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ