CVE-2006-6442 Information

Description

Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll) as used in America Online (AOL) 7.0 4114.563 8.0 4129.230 and 9.0 Security Edition 4156.910 and possibly other products allows remote attackers to execute arbitrary code via a long ClientId argument.

Reference

http://attrition.org/pipermail/vim/2006-December/001173.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html http://secunia.com/advisories/23043 http://secunia.com/secunia_research/2006-69/advisory/ http://securitytracker.com/id?1017357 http://www.securityfocus.com/archive/1/454105/100/0/threaded http://www.securityfocus.com/bid/21488 http://www.vupen.com/english/advisories/2006/4904 https://exchange.xforce.ibmcloud.com/vulnerabilities/30790