CVE-2011-10027

AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
https://www.exploit-db.com/exploits/16085
https://www.exploit-db.com/exploits/16107
https://www.exploit-db.com/exploits/17150
https://www.fortiguard.com/encyclopedia/ips/26516
https://www.vulncheck.com/advisories/aol-desktop-rtx-stack-based-buffer-overflow

Configurations

No configuration.

History

22 Aug 2025, 18:09

Type	Values Removed	Values Added
Summary		(es) AOL Desktop 9.6 contiene una vulnerabilidad de desbordamiento de búfer en su componente Tool\rich.rct al analizar archivos .rtx. Al incrustar una cadena demasiado larga en una etiqueta de hipervínculo, un atacante puede provocar un desbordamiento de búfer basado en la pila debido al uso de operaciones strcpy inseguras. Esto permite a atacantes remotos ejecutar código arbitrario cuando una víctima abre un archivo .rtx malicioso. AOL Desktop ha finalizado su ciclo de vida y ya no recibe soporte. Se recomienda a los usuarios migrar a AOL Desktop Gold o a plataformas alternativas.

20 Aug 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 16:15

Updated : 2025-08-22 18:09

NVD link : CVE-2011-10027

Mitre link : CVE-2011-10027

CVE.ORG link : CVE-2011-10027

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2011-10027", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T16:15:35.617", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_desktop_linktag.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16085", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16107", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/17150", "source": "disclosure@vulncheck.com"}, {"url": "https://www.fortiguard.com/encyclopedia/ips/26516", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/aol-desktop-rtx-stack-based-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file.\u00a0AOL Desktop is end-of-life and no longer supported.\u00a0Users are encouraged to migrate to AOL Desktop Gold or alternative platforms."}, {"lang": "es", "value": "AOL Desktop 9.6 contiene una vulnerabilidad de desbordamiento de b\u00fafer en su componente Tool\\rich.rct al analizar archivos .rtx. Al incrustar una cadena demasiado larga en una etiqueta de hiperv\u00ednculo, un atacante puede provocar un desbordamiento de b\u00fafer basado en la pila debido al uso de operaciones strcpy inseguras. Esto permite a atacantes remotos ejecutar c\u00f3digo arbitrario cuando una v\u00edctima abre un archivo .rtx malicioso. AOL Desktop ha finalizado su ciclo de vida y ya no recibe soporte. Se recomienda a los usuarios migrar a AOL Desktop Gold o a plataformas alternativas."}], "lastModified": "2025-08-22T18:09:17.710", "sourceIdentifier": "disclosure@vulncheck.com"}