CVE-2006-5820 - The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Sec

CVE-2006-5820

Summary

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.

References

Vulnerable Configurations

cpe:2.3:a:aol:aol:9.0:*:security:*:*:*:*:*
cpe:2.3:a:aol:aol:9.0:*:security:*:*:*:*:*

CVSS

Base:	9.3 (as of 17-10-2018 - 21:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23224
bugtraq	20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerability
cert-vn	VU#478225
misc	http://www.tippingpoint.com/security/advisories/TSRT-07-03.html
osvdb	34318
secunia	24714
sreason	2513
vupen	ADV-2007-1184
xf	aol-superbuddy-activex-code-execution(33347)

Last major update

17-10-2018 - 21:45

Published

02-04-2007 - 22:19

Last modified

17-10-2018 - 21:45