Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
AOL Desktop Buffer Overflow Vulnerability in .rtx File Parsing
Vulnerability
A stack-based buffer overflow vulnerability has been identified in AOL Desktop 9.6. The issue arises in the Tool\rich.rct component when the application processes .rtx files. An attacker can exploit this vulnerability by embedding an excessively long string in a hyperlink tag, which leads to a buffer overflow due to the use of unsafe string copy operations. This vulnerability allows remote attackers to execute arbitrary code on the victim's system when the malicious .rtx file is opened.
Impact
Exploitation of this vulnerability allows remote code execution on the affected system.
Reproduction
The vulnerability can be reproduced by creating a .rtx file that includes a hyperlink tag with an overly long string. When this file is opened in AOL Desktop 9.6, the buffer overflow occurs, allowing for arbitrary code execution.
Remediation
AOL Desktop 9.6 is no longer supported, and users are advised to upgrade to AOL Desktop Gold or consider alternative platforms.
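Where AOL Desktop 9.6 is still installed, .rtx files can be screened for over-long hyperlink targets before anyone opens them. The scanner below is an added example, not part of the original advisory. The HTML-style anchor syntax, the 1024-byte threshold and all function names are assumptions, since the advisory gives neither the tag grammar nor the buffer size.

```python
import re
from pathlib import Path

# Assumption: hyperlink tags are HTML-style anchors (<a href="...">); the
# advisory does not give the .rtx tag grammar or the vulnerable buffer size.
MAX_LINK_LEN = 1024  # assumed triage threshold, not a value from the advisory

# Match '<a ... href=' then the value: quoted (closing quote optional, so an
# unterminated tag is still measured) or unquoted up to whitespace or '>'.
HREF_RE = re.compile(
    rb'<\s*a\b[^>]*?\bhref\s*=\s*(?:"([^"]*)|\'([^\']*)|([^\s>]*))',
    re.IGNORECASE,
)

# Constructed samples (not taken from any real file).
BENIGN = b'<html><a href="http://example.com/page">link</a></html>'
OVERLONG = b'<HTML><A HREF="' + b"A" * 5000  # unterminated, over-long target


def long_links(data: bytes, limit: int = MAX_LINK_LEN):
    """Return (offset, length) for every hyperlink target longer than limit."""
    hits = []
    for m in HREF_RE.finditer(data):
        # Exactly one of the three alternatives captured the value.
        value = next(g for g in m.groups() if g is not None)
        if len(value) > limit:
            hits.append((m.start(), len(value)))
    return hits


def scan_tree(root, limit: int = MAX_LINK_LEN):
    """Map each .rtx file under root to its over-long links (clean files omitted)."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".rtx":
            hits = long_links(path.read_bytes(), limit)
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in scan_tree(target).items():
        print(name, hits)
```

A hit is a reason to quarantine the file for review, not proof of malice; tune the threshold against known-good .rtx files from your own environment.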
