CVE-2007-5755

AOL Radio AmpX ActiveX Control - Remote Code Execution via Stack-Based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5755. Includes Metasploit module exploits/windows/browser/aol_ampx_convertfile.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in the AOL Radio AmpX ActiveX control (AmpX.dll v2.4.0.6) via an overly long value passed to the ConvertFile() method, leading to arbitrary code execution.

Description

Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.

Exploits (1)

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/aol_ampx_convertfile.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in the AOL Radio AmpX ActiveX control (AmpX.dll v2.4.0.6) via an overly long value passed to the ConvertFile() method, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AOL Radio AmpX ActiveX Control (AmpX.dll) version 2.4.0.6

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · AOL Radio AmpX ActiveX control must be installed

MITRE ATT&CK