CVE-2006-3888
CVSS7.5
发布时间 :2006-10-10 19:07:00
修订时间 :2011-03-07 21:39:38
NMCOS    

[原文]Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.


[CNNVD]AOL YGP ActiveX控件'YGPPicDownload.dll'缓冲区溢出漏洞(CNNVD-200610-119)

        America Online 9.0 Security Edition是美国在线发布的基于Internet Explorer技术的客户端软件,可提供安全性和可用性功能。
        AOL客户端所安装的ActiveX控件YGPPicDownload.dll中存在安全漏洞,具体如下:
        1) 如果访问了恶意站点的话,就可能触发AOL的YGP (You've Got Pictures)屏保和AOL YGP Pic Downloader ActiveX控件中的缓冲区溢出漏洞。
        2) 如果访问了恶意站点的话,就可能触发AOL YGP Pic Downloader ActiveX控件的SetAlbumName()方法实现上的缓冲区溢出漏洞。
        成功攻击可能导致执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3888
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3888
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200610-119
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/661524
(UNKNOWN)  CERT-VN  VU#661524
http://xforce.iss.net/xforce/xfdb/29410
(UNKNOWN)  XF  aol-ygp-pic-downloader-bo(29410)
http://www.vupen.com/english/advisories/2006/3967
(UNKNOWN)  VUPEN  ADV-2006-3967
http://www.securityfocus.com/bid/20425
(UNKNOWN)  BID  20425
http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8
(UNKNOWN)  CONFIRM  http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8
http://securitytracker.com/id?1017024
(UNKNOWN)  SECTRACK  1017024
http://secunia.com/advisories/22304
(UNKNOWN)  SECUNIA  22304
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420
(UNKNOWN)  IDEFENSE  20061011 AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability
http://xforce.iss.net/xforce/xfdb/29494
(UNKNOWN)  XF  aol-ygp-setalbumname-bo(29494)
http://www.securityfocus.com/bid/20472
(UNKNOWN)  BID  20472

- 漏洞信息

AOL YGP ActiveX控件'YGPPicDownload.dll'缓冲区溢出漏洞
高危 缓冲区溢出
2006-10-10 00:00:00 2006-10-18 00:00:00
远程  
        America Online 9.0 Security Edition是美国在线发布的基于Internet Explorer技术的客户端软件,可提供安全性和可用性功能。
        AOL客户端所安装的ActiveX控件YGPPicDownload.dll中存在安全漏洞,具体如下:
        1) 如果访问了恶意站点的话,就可能触发AOL的YGP (You've Got Pictures)屏保和AOL YGP Pic Downloader ActiveX控件中的缓冲区溢出漏洞。
        2) 如果访问了恶意站点的话,就可能触发AOL YGP Pic Downloader ActiveX控件的SetAlbumName()方法实现上的缓冲区溢出漏洞。
        成功攻击可能导致执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 禁用AOL YGP Pic Downloader ActiveX控件
        * 禁用ActiveX控件
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        http://www.corp.aol.com/products/brands_aol2.shtml

- 漏洞信息

29600
AOL YGP YGPPDownload ActiveX SetAlbumName Method Overflow
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity
Exploit Private

- 漏洞描述

- 时间线

2006-10-10 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, AOL has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

AOL You've Got Pictures ActiveX Controls Buffer Overflow Vulnerabilities
Boundary Condition Error 20425
Yes No
2006-10-10 12:00:00 2006-10-11 07:24:00
Will Dormann of CERT/CC reported these issues to the vendor.

- 受影响的程序版本

AOL Client Software 9.0
AOL Client Software 8.0 +
AOL Client Software 8.0

- 漏洞讨论

AOL You've Got Pictures (YGP) ActiveX controls are prone to multiple buffer-overflow vulnerabilities.

A user can invoke the object from a malicious web page to trigger the condition. If the vulnerabilities are successfully exploited, this would result in a denial-of-service condition due to a runtime error in the affected module that crashes the running instance of the client application that the object is invoked through (typically Internet Explorer). An attacker may also be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.

YGP ScreenSaver and YGP Pic Downloader ActiveX controls are vulnerable to these issues.

- 漏洞利用

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Fixes are available from the vendor through the AOL Client software's automatic update feature.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站