CVE-2006-5820

Current Description

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.

Basic Data

PublishedApril 02, 2007
Last ModifiedOctober 17, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAolAol9.0*security*****

Vulnerable Software List

VendorProductVersions
Aol Aol 9.0

References

NameSourceURLTags
34318http://osvdb.org/34318OSVDB
24714http://secunia.com/advisories/24714SECUNIA
2513http://securityreason.com/securityalert/2513SREASON
VU#478225http://www.kb.cert.org/vuls/id/478225CERT-VNUS Government Resource
20070330 TSRT-07-03: America Online SuperBuddy ActiveX Control Code Execution Vulnerabilityhttp://www.securityfocus.com/archive/1/464313/100/0/threadedBUGTRAQ
23224http://www.securityfocus.com/bid/23224BID
http://www.tippingpoint.com/security/advisories/TSRT-07-03.htmlhttp://www.tippingpoint.com/security/advisories/TSRT-07-03.htmlMISCVendor Advisory
ADV-2007-1184http://www.vupen.com/english/advisories/2007/1184VUPEN
aol-superbuddy-activex-code-execution(33347)https://exchange.xforce.ibmcloud.com/vulnerabilities/33347XF