CVE-2009-3658

Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://retrogod.altervista.org/9sg_aol_91_superbuddy.html	Broken Link Exploit
http://secunia.com/advisories/36919	Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/506889/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36580	Broken Link Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/2812	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53614	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:aol:superbuddy_activex_control:9.5.0.1:*:*:*:*:*:*:*

History

03 Feb 2024, 02:27

Type	Values Removed	Values Added
CPE	cpe:2.3:a:aol:sb.superbuddy.1_active_x_control:9.5.0.1:::::::* cpe:2.3:a:aol:internet_software:9.1:::::::*	cpe:2.3:a:aol:superbuddy_activex_control:9.5.0.1:::::::*
CVSS	v2 : ~~9.3~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 8.8
First Time		Aol superbuddy Activex Control
CWE	~~CWE-399~~	CWE-416
References	~~() http://retrogod.altervista.org/9sg_aol_91_superbuddy.html - Exploit~~	() http://retrogod.altervista.org/9sg_aol_91_superbuddy.html - Broken Link, Exploit
References	~~() http://secunia.com/advisories/36919 - Vendor Advisory~~	() http://secunia.com/advisories/36919 - Broken Link, Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/506889/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/506889/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/36580 - Exploit~~	() http://www.securityfocus.com/bid/36580 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2009/2812 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/2812 - Broken Link, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/53614 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/53614 - Third Party Advisory, VDB Entry
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704 - Broken Link

Information

Published : 2009-10-09 14:30

Updated : 2024-02-03 02:27

NVD link : CVE-2009-3658

Mitre link : CVE-2009-3658

CVE.ORG link : CVE-2009-3658

JSON object : View

Products Affected

aol

superbuddy_activex_control

CWE

CWE-416

Use After Free

8.8 /10