ID CVE-2009-3658
Summary Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
References
Vulnerable Configurations
  • cpe:2.3:a:aol:superbuddy_activex_control:9.5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:aol:superbuddy_activex_control:9.5.0.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 03-02-2024 - 02:27)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-08-22T04:01:34.527-04:00
class vulnerability
contributors
  • name Antu Sanadi
    organization SecPod Technologies
  • name Todd Dolinsky
    organization Hewlett-Packard
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment AOL is installed
oval oval:org.mitre.oval:def:6607
description Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
family windows
id oval:org.mitre.oval:def:6704
status accepted
submitted 2009-11-25T18:28:46
title AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability.
version 27
refmap via4
bid 36580
bugtraq 20091001 AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit
misc http://retrogod.altervista.org/9sg_aol_91_superbuddy.html
secunia 36919
vupen ADV-2009-2812
xf aol-superbuddy-activex-code-exec(53614)
Last major update 03-02-2024 - 02:27
Published 09-10-2009 - 14:30
Last modified 03-02-2024 - 02:27
Back to Top