CVE-2007-6699 Information

Description

Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You’ve Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName (2) FinalSavePath (3) ForceSaveTo (4) HiddenControls (5) InitialEditorScreen (6) Locale (7) Proxy and (8) UserAgent property values.

Reference

http://osvdb.org/41198 http://seclists.org/fulldisclosure/2007/Dec/0561.html http://seclists.org/fulldisclosure/2007/Dec/0574.html http://www.securityfocus.com/bid/27026 http://www.securitytracker.com/id?1019143