CVE-2006-5820

EXPLOITED

America Online 9.0 - RCE

Title source: llm

Description

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Krad Chad · rubyremotewindows

https://www.exploit-db.com/exploits/3662

View Code ZIP pw:eip

References (9)

[US Government Resource] http://www.kb.cert.org/vuls/id/478225

[Vendor Advisory] http://www.tippingpoint.com/security/advisories/TSRT-07-03.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33347

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/464313/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23224

[Third Party Advisory, VDB Entry] http://osvdb.org/34318

[Third Party Advisory] http://secunia.com/advisories/24714

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1184

[Third Party Advisory] http://securityreason.com/securityalert/2513

Scores

EPSS 0.3912

EPSS Percentile 97.3%

Details

VulnCheck KEV 2008-03-03

Status published

Products (1)

aol/aol 9.0

Published Apr 02, 2007

Tracked Since Feb 18, 2026