This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by
buffer overflow vulnerabilities.
The remote host contains the 'AmpX' ActiveX control, which is
associated with AOL Radio.
The version of this control installed on the remote host fails to
validate input to several methods before copying it into a finite-
sized buffer using 'strcpy()'.
In addition, it allows remote access to the application
'AOLMediaPlaybackControl', which contains a stack-based buffer
If a remote attacker can trick a user on the affected host into visiting
a specially crafted web page, these issues could be leveraged to
overflow a buffer, either in the control itself or in
AOLMediaPlaybackControl.exe, and execute arbitrary code on the host
subject to the user's privileges.
See also :
Apply the AOL AmpX Security Update (unagi_patch.exe) referenced above
to upgrade the affected control to version 188.8.131.52 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.5
Public Exploit Available : false