CVE-2010-10015
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aol | aol | 9.5 |
| aol | phobos | 9.5 |
| aol | phobos | 9.5.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AOL versions up to 9.5 in an ActiveX control called Phobos.dll. The control exposes a method Import() that is vulnerable to a stack-based buffer overflow when given an excessively long string argument. This can allow remote attackers to execute arbitrary code in the context of the user, but only if the malicious HTML file is opened locally because the control is not marked safe for scripting or initialization.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the user running the vulnerable AOL software. This could lead to unauthorized actions such as installing malware, stealing data, or taking control of the affected system. However, exploitation requires the user to open a malicious HTML file locally.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening untrusted HTML files locally, since a malicious file can invoke the vulnerable Phobos.dll ActiveX control. Because the affected AOL 9.5 desktop software is discontinued and no longer maintained, consider uninstalling it or no longer using this legacy software. Use updated and supported software versions to reduce risk.