Product: AOL 9.5 Vulnerability: ActiveX - Heap Overflow Discussion: Vulnerability is in Activex Control ("CDDBControl.dll") Sending a string to BindToFile() , triggering the vulnerability. Successful exploitation allow remote attackers to execute arbitrary code. Credits: Celil 'karak0rsan' Unuver and murderkey from Hellcode Research tcc.hellcode.net forum.hellcode.net L4stW0rdZ: "hi francis, do you think we forget you ??? ofcourse not, dont wait patch, dont support vendors and security industry ...." - mkey --------------- PoC .wsf script: