CVE-2010-10015

HIGH

AOL <= 9.5 (Revision 4337.155) - Stack-based Buffer Overflow via Phobos.Playlist Import Method

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-10015. PoCs published by Dz_attacker, Hellcode Research, including Metasploit module exploits/windows/fileformat/aol_phobos_bof.

AI-analyzed exploit summary This exploit targets an ActiveX control vulnerability in AOL 9.5 via a heap spray technique to achieve remote code execution. It uses JavaScript to spray the heap with NOP sleds and shellcode, then triggers the vulnerability to execute the payload (calc.exe).

Description

AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Dz_attacker · htmlremotewindows

https://www.exploit-db.com/exploits/11204

View Code ZIP pw:eip

This exploit targets an ActiveX control vulnerability in AOL 9.5 via a heap spray technique to achieve remote code execution. It uses JavaScript to spray the heap with NOP sleds and shellcode, then triggers the vulnerability to execute the payload (calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AOL 9.5 ActiveX control (clsid:A105BD70-BF56-4D10-BC91-41C88321F47C)

No auth needed

Prerequisites: Victim must be using AOL 9.5 with the vulnerable ActiveX control enabled · Victim must visit the malicious HTML page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Hellcode Research · textdoswindows

https://www.exploit-db.com/exploits/11190

View Code ZIP pw:eip

This PoC exploits a heap overflow vulnerability in the ActiveX control 'CDDBControl.dll' in AOL 9.5 by sending an overly long string to the BindToFile() method, potentially allowing remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AOL 9.5

No auth needed

Prerequisites: Victim must have AOL 9.5 installed · ActiveX controls must be enabled

MITRE ATT&CK

T1221 - Template Injection T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb

View Code ZIP pw:eip

This is a Metasploit module exploiting a stack-based buffer overflow in AOL 9.5's Phobos.dll via the 'Import()' method. It generates an HTML file with malicious JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AOL 9.5 (Revision 4337.155) with Phobos.dll (File Version: 9.5.0.1)

No auth needed

Prerequisites: Victim must open the generated HTML file locally due to ActiveX control restrictions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9

Core References

Exploit, Third Party Advisory

https://www.exploit-db.com/exploits/11190

Various Sources technical-description exploit

https://web.archive.org/web/20100804162117/http://www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/11204

Various Sources third-party-advisory

https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26569

Vendor Advisory third-party-advisory

https://www.fortiguard.com/encyclopedia/ips/32026/aol-phobos-dll-activex-control-import-buffer-overflow

Various Sources product

https://appdb.winehq.org/objectManager.php?sClass=version&iId=20354

Exploit, Third Party Advisory exploit

http://www.exploit-db.com/exploits/11190

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/aol-phobos-playlist-import-stack-based-buffer-overflow

Scores

CVSS v4 8.4

EPSS 0.0049

EPSS Percentile 38.0%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

AOL/AOL < 9.5 (Revision 4337.155)

Published Aug 21, 2025

Tracked Since Feb 18, 2026