‫ AOL dnUpdater ActiveX Control Code Execution Vulnerability

IRCAD2012062018
ID:IRCAD2012062018
Release Date: 22-06-2012
Criticality level: Highly critical
 
Software:
AOL Deskbar
AOL dnUpdater ActiveX Control
 
Description:
A vulnerability has been reported in AOL dnUpdater ActiveX Control, which can be exploited by malicious people to compromise a user's system.
 
The vulnerability is caused due to the ActiveX control using a certain parameter passed to the "Init()" method as a function pointer and can be exploited to transfer the program flow to an arbitrary memory location.
 
Successful exploitation allows execution of arbitrary code.
 
Solution
Apply updates.
 
 
References:
ZDI:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 3 تیر 1391

امتیاز

امتیاز شما
تعداد امتیازها:0