CVE-2009-3658
HIGH
AOL SuperBuddy ActiveX Control - Use-After-Free via SetSuperBuddy Method
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-3658. PoCs published by Trotzkista.
AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Sb.SuperBuddy.1 ActiveX control (CVE-2009-3658) by triggering a heap spray with shellcode and a long string to achieve remote code execution.
Description
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
Exploits (1)
This exploit targets a buffer overflow vulnerability in Sb.SuperBuddy.1 ActiveX control (CVE-2009-3658) by triggering a heap spray with shellcode and a long string to achieve remote code execution.
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H