HTTP: AOL SB.SuperBuddy.1 ActiveX Control Remote Code Execution
This signature detects attempts to exploit a known vulnerability in America Online (AOL). Attackers can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the target system.
Extended Description
AOL SB.SuperBuddy.1 ActiveX control is prone to a remote code-execution vulnerability. An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerability is successfully exploited, the attacker may be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
Aol client_software
Short Name
HTTP:STC:CLSID:ACTIVEX:AOL-AX
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
AOL ActiveX CVE-2006-5820 Code Control Execution Remote SB.SuperBuddy.1 bid:23224
Release Date
04/24/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Aol
CVSS Score
9.3