iDefense Security Advisory 11.09.07 - Remote exploitation of multiple buffer overflow vulnerabilities in AOL's AmpX ActiveX control could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Several methods within the vulnerable ActiveX control (CLSID B49C4597-8721-4789-9250-315DFBD9F525) were found to be vulnerable to stack-based buffer overflows. In each case, variable length attacker supplied data is copied into a fixed-size stack buffer using the strcpy() function. Since no input validation is performed, it is possible to corrupt stack memory, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in version 2.6.1.11 of America Online's AmpX.dll. Other versions are suspected to be vulnerable.
58fb3b132c0f5e5b01a3d0d2f2b52bbe4987d0a31920d069c961cff7e5c92dba