CVE-2011-10027
HIGHAOL Desktop 9.6 - Buffer Overflow
Title source: llmDescription
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/17150
exploitdb
WORKING POC
VERIFIED
by sickness · pythonlocalwindows
https://www.exploit-db.com/exploits/16107
exploitdb
WORKING POC
VERIFIED
by sup3r · pythonlocalwindows
https://www.exploit-db.com/exploits/16085
metasploit
WORKING POC
NORMAL
by sup3r, sickn3ss, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
References (6)
Scores
CVSS v4
8.4
EPSS
0.1996
EPSS Percentile
95.5%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (1)
AOL Inc./AOL Desktop
< 9.6
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026