AOL Desktop .rtx File Buffer Overflow

Added: 03/18/2011
BID: 46129
OSVDB: 70741

Background

AOL Desktop is an internet suite that integrates a web browser, media player, and IM client.

Problem

A heap overflow vulnerability exists in the Rich Text file parser of AOL Desktop 9.x. In documents with HTML links, the parser does not properly validate the length of the "HREF" attribute in "A" tags.

Resolution

This vulnerability has not been patched by the vendor.

References

http://secunia.com/advisories/43136/

Limitations

This exploit works against AOL Desktop 9.6 running on Microsoft Windows XP SP3 English (DEP OptIn).

Platforms

Windows XP
Windows Vista / Windows 7

Back to exploit index