AOL You've Got Pictures ActiveX Control (YGPPicFinder.DLL) Overflow

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains an ActiveX control from AOL called YPG
Picture Finder Tool. It was distributed along with various versions of
AOL's client software and from the You've Got Pictures website prior
to 2004. The 'YGPPicFinder.DLL' component of this control fails to
limit the amount of user-supplied data copied to a finite buffer. This
can be exploited using a specially crafted web page, for example to
overflow the buffer, crash the application using the control
(typically Internet Explorer), and possibly execute arbitrary code
subject to the user's privileges.

See also :

http://download.newaol.com/security/YGPClean.exe

Solution :

Download and run AOL's removal tool.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.5
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 20737 ()

Bugtraq ID: 16262

CVE ID: CVE-2006-0316

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now