CVE-2010-10015

EPSS 0.12%
Veröffentlicht 21.08.2025 20:15:30
Zuletzt bearbeitet 22.08.2025 18:08:51
Quelle disclosure@vulncheck.com
Teams Watchlist Login
Unerledigt Login

AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAOL

≫

Produkt AOL

Default Statusunaffected

Version <= 9.5 (Revision 4337.155)

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.309

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://www.exploit-db.com/exploits/11190

https://appdb.winehq.org/objectManager.php?sClass=version&iId=20354

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb

https://web.archive.org/web/20100804162117/http://www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/

https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26569

https://www.exploit-db.com/exploits/11204

https://www.fortiguard.com/encyclopedia/ips/32026/aol-phobos-dll-activex-control-import-buffer-overflow

https://www.vulncheck.com/advisories/aol-phobos-playlist-import-stack-based-buffer-overflow

https://www.exploit-db.com/exploits/11190

https://nvd.nist.gov/vuln/detail/CVE-2010-10015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-10015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-10015

EUVD