AOL Radio AmpX ActiveX Control Buffer Overflow Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
buffer overflow vulnerabilities.

Description :

The remote host contains the 'AmpX' ActiveX control, which is
associated with AOL Radio.

The version of this control installed on the remote host fails to
validate input to several methods before copying it into a
finite-sized buffer using 'strcpy()'.
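The defect class the description names, an unbounded 'strcpy()' of a method argument into a fixed-size buffer, shown beside a length-validating replacement. This is an added illustration in C, not code from the AmpX control or from the Nessus plugin; the buffer size, function names and sample inputs are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size buffer standing in for the control's internal
 * storage; the real control's buffer sizes are not given in the advisory. */
#define NAME_BUF_SIZE 64

/* Defect pattern the advisory describes: the method argument is copied with
 * strcpy() into a fixed-size buffer without checking its length first, so any
 * argument of NAME_BUF_SIZE bytes or more writes past the end of the buffer.
 * Shown for comparison only; this file never passes it over-long input. */
static void set_name_unchecked(char *dest, const char *src)
{
    strcpy(dest, src);   /* no bound: strlen(src) decides how much is written */
}

/* Hardened form: measure the argument with an upper bound, refuse anything
 * that would not fit together with its terminator, and copy only then. */
bool set_name_checked(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || src == NULL || dest_size == 0)
        return false;
    size_t len = 0;
    while (len < dest_size && src[len] != '\0')   /* bounded scan, never past dest_size */
        len++;
    if (len >= dest_size)
        return false;                /* too long: refuse rather than truncate */
    memcpy(dest, src, len + 1);      /* len + 1 also copies the terminating NUL */
    return true;
}

/* Constructed check: an in-range argument is accepted and an over-long one is
 * refused instead of overflowing. Returns true when both behave as expected. */
bool demo_length_validation(void)
{
    char dest[NAME_BUF_SIZE];
    char too_long[NAME_BUF_SIZE * 4];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    bool short_ok = set_name_checked(dest, sizeof dest, "AOL Radio station");
    bool long_refused = !set_name_checked(dest, sizeof dest, too_long);
    return short_ok && long_refused;
}

int main(void)
{
    char dest[NAME_BUF_SIZE];
    set_name_unchecked(dest, "fits");   /* safe here only because the input is short */
    printf("length validation works: %s\n", demo_length_validation() ? "yes" : "no");
    return 0;
}
```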

In addition, it allows remote access to the application
'AOLMediaPlaybackControl', which contains a stack-based buffer
overflow.

If a remote attacker can trick a user on the affected host into visiting
a specially crafted web page, these issues could be leveraged to
overflow a buffer, either in the control itself or in
AOLMediaPlaybackControl.exe, and execute arbitrary code on the host
subject to the user's privileges.

See also :

http://www.nessus.org/u?b098a46c
http://seclists.org/fulldisclosure/2007/Nov/234
http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/unagi_patch.exe

Solution :

Apply the AOL AmpX Security Update (unagi_patch.exe) referenced above
to upgrade the affected control to version 2.6.2.6 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:U/RL:W/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 27854 (aol_ampx_activex_overflows.nasl)

Bugtraq ID: 26396, 27207

CVE ID: CVE-2007-5755, CVE-2007-6250
