CVE-2006-0316

Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news
http://www.kb.cert.org/vuls/id/MIMG-6KRSQP	Vendor Advisory
http://www.kb.cert.org/vuls/id/715730	Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/16262	Patch
http://www.osvdb.org/22486
http://secunia.com/advisories/18521	Patch Vendor Advisory
http://securitytracker.com/id?1015494
http://www.vupen.com/english/advisories/2006/0221
https://exchange.xforce.ibmcloud.com/vulnerabilities/24160

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aol:aol_client_software:8.0:::::::*
	cpe:2.3:a:aol:aol_client_software:8.0::plus:::::
	cpe:2.3:a:aol:aol_client_software:9.0::classic:::::

Information

Published : 2006-01-18 17:03

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0316

Mitre link : CVE-2006-0316

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

aol

aol_client_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news", "name": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP", "name": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/715730", "name": "VU#715730", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/16262", "name": "16262", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.osvdb.org/22486", "name": "22486", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/18521", "name": "18521", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1015494", "name": "1015494", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2006/0221", "name": "ADV-2006-0221", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160", "name": "aol-youvegotpictures-activex-bo(24160)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0316", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-01-19T01:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:aol:aol_client_software:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aol:aol_client_software:8.0:*:plus:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aol:aol_client_software:9.0:*:classic:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}