CVE-2006-0316

Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news
http://secunia.com/advisories/18521	Patch Vendor Advisory
http://securitytracker.com/id?1015494
http://www.kb.cert.org/vuls/id/715730	Patch Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-6KRSQP	Vendor Advisory
http://www.osvdb.org/22486
http://www.securityfocus.com/bid/16262	Patch
http://www.vupen.com/english/advisories/2006/0221
https://exchange.xforce.ibmcloud.com/vulnerabilities/24160
http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news
http://secunia.com/advisories/18521	Patch Vendor Advisory
http://securitytracker.com/id?1015494
http://www.kb.cert.org/vuls/id/715730	Patch Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-6KRSQP	Vendor Advisory
http://www.osvdb.org/22486
http://www.securityfocus.com/bid/16262	Patch
http://www.vupen.com/english/advisories/2006/0221
https://exchange.xforce.ibmcloud.com/vulnerabilities/24160

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aol:aol_client_software:8.0:::::::*
	cpe:2.3:a:aol:aol_client_software:8.0::plus:::::
	cpe:2.3:a:aol:aol_client_software:9.0::classic:::::

History

No history.

Information

Published : 2006-01-19 01:03

Updated : 2025-04-03 01:03

NVD link : CVE-2006-0316

Mitre link : CVE-2006-0316

CVE.ORG link : CVE-2006-0316

JSON object : View

Products Affected

aol

aol_client_software

CWE

NVD-CWE-Other

{"id": "CVE-2006-0316", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-01-19T01:03:00.000", "references": [{"url": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18521", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015494", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/715730", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22486", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16262", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0221", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160", "source": "cve@mitre.org"}, {"url": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18521", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015494", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/715730", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/22486", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/16262", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0221", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aol:aol_client_software:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "421B7EB3-0D6B-4E8D-8765-FB82D2ABB4F6"}, {"criteria": "cpe:2.3:a:aol:aol_client_software:8.0:*:plus:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F82519AB-EE21-48F9-A4C7-9EAB30FEE12A"}, {"criteria": "cpe:2.3:a:aol:aol_client_software:9.0:*:classic:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F8C3160-A22D-4B29-A7AC-716CBF5CC1ED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}