Product: AOL 9.5
Vulnerability: ActiveX - Heap Overflow Discussion: Vulnerability is in Activex Control ("CDDBControl.dll") Sending a string to BindToFile() , triggering the vulnerability. Successful exploits allow remote attackers to execute arbitrary code. Debugger Results: (fd0.1274): Access violation - code c0000005 (!!! second chance !!!) eax=7efefefe ebx=00000000 ecx=0020d7c0 edx=41414141 esi=03465df0 edi=02b82000 eip=10033011 esp=0020cdac ebp=0020ed20 iopl=0 nv up ei pl zr na pe nc Credits: Celil 'karak0rsan' Unuver and murderkey from Hellcode Research tcc.hellcode.net forum.hellcode.net PoC and Original Advisory: http://tcc.hellcode.net/advisories/hellcode-adv008.txt