製品・ソフトウェアに関する情報

JVN脆弱性詳細

America Online Security Edition で使用される AOL.YGP Pic Downloader YGPPDownload ActiveX におけるバッファオーバーフローの脆弱性

Title	America Online Security Edition で使用される AOL.YGP Pic Downloader YGPPDownload ActiveX におけるバッファオーバーフローの脆弱性
Summary	America Online Security Edition で使用される AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX コントロール (AOL.PicDownloadCtrl.1, YGPPicDownload.dll) には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、SetAlbumName メソッドへの過度に長い引数を介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 10, 2006, midnight
Registration Date	June 26, 2012, 3:37 p.m.
Last Update	June 26, 2012, 3:37 p.m.

Affected System

AOL

ygp pic downloader activex control

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-3888	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3888
National Vulnerability Database (NVD)
2	CVE-2006-3888	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3888

ベンダー情報

No	Name	URL
AOL
1	Top Page	http://www.aol.com/

その他

No	Name	URL
US-CERT Vulnerability Note
1	VU#661524	http://www.kb.cert.org/vuls/id/661524

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-3888

Summary	Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
Summary	Desbordamiento de búfer en el control ActiveX de AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), como el utilizado en la Edición de Seguridad America Online 9.0, permite a atacantes remotos ejecutar código de su elección mediante el paso de un argumento largo al método SetAlbumName.
Publication Date	Oct. 11, 2006, 8:07 a.m.
Registration Date	Jan. 29, 2021, 3:42 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:aol:ygp_pic_downloader_activex_control::::::::

Related information, measures and tools

No	URL	refsource
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420	cret@cert.org
2	http://secunia.com/advisories/22304	cret@cert.org
3	http://securitytracker.com/id?1017024	cret@cert.org
4	http://www.kb.cert.org/vuls/id/661524	cret@cert.org
5	http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8	cret@cert.org
6	http://www.securityfocus.com/bid/20425	cret@cert.org
7	http://www.securityfocus.com/bid/20472	cret@cert.org
8	http://www.vupen.com/english/advisories/2006/3967	cret@cert.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/29410	cret@cert.org
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/29494	cret@cert.org
11	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420	af854a3a-2127-422b-91ae-364da2661108
12	http://secunia.com/advisories/22304	af854a3a-2127-422b-91ae-364da2661108
13	http://securitytracker.com/id?1017024	af854a3a-2127-422b-91ae-364da2661108
14	http://www.kb.cert.org/vuls/id/661524	af854a3a-2127-422b-91ae-364da2661108
15	http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/20425	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securityfocus.com/bid/20472	af854a3a-2127-422b-91ae-364da2661108
18	http://www.vupen.com/english/advisories/2006/3967	af854a3a-2127-422b-91ae-364da2661108
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/29410	af854a3a-2127-422b-91ae-364da2661108
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/29494	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List