CVE-2007-6699

AIM PicEditor 9.5.1.8 - Buffer Overflow

Title source: llm

Description

Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar Broad · htmldoswindows

https://www.exploit-db.com/exploits/30936

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019143

[Exploit] http://seclists.org/fulldisclosure/2007/Dec/0561.html

[Mailing List] http://seclists.org/fulldisclosure/2007/Dec/0574.html

[Exploit] http://www.securityfocus.com/bid/27026

[Third Party Advisory, VDB Entry] http://osvdb.org/41198

Scores

EPSS 0.0467

EPSS Percentile 89.4%

Details

CWE

CWE-119

Status published

Products (1)

aol/ygp_piceditor_activex_control 9.5.1.8

Published Feb 04, 2008

Tracked Since Feb 18, 2026