CNNVD-202508-2571 Information
CNNVD ID
CNNVD-202508-2571
Related CVE
- CNNVD Published: 2025-08-21
Description (Chinese)
AOL是美国AOL公司的一个门户网站。 AOL 9.5及之前版本存在安全漏洞,该漏洞源于Phobos.Playlist COM对象中Import方法存在栈缓冲区溢出,可能导致执行任意代码。
Description (English)
AOL is a United States AOL portal. AOL 9.5 and previous versions had a security loophole, which stemmed from the spilling of the Import method in the Phobos.Playlist COM object, which could lead to the implementation of arbitrary codes.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
AOL
Published
2025-08-21
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/11204 https://www.exploit-db.com/exploits/11190 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_phobos_bof.rb https://www.vulncheck.com/advisories/aol-phobos-playlist-import-stack-based-buffer-overflow https://www.fortiguard.com/encyclopedia/ips/32026/aol-phobos-dll-activex-control-import-buffer-overflow https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26569 http://www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/ https://web.archive.org/web/20100804162117/ https://appdb.winehq.org/objectManager.php?sClass=version&iId=20354 http://www.exploit-db.com/exploits/11190 https://nvd.nist.gov/vuln/detail/CVE-2010-10015