CVE-2011-10027
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-22
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aol | aol | 9.5 |
| aol | aol_desktop | 9.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Since AOL Desktop 9.6 is end-of-life and no longer supported, users should migrate to AOL Desktop Gold or alternative platforms to mitigate this vulnerability. Avoid opening .rtx files from untrusted sources to prevent exploitation.
How can this vulnerability impact me?
If exploited, this vulnerability can allow remote attackers to execute arbitrary code on your system when you open a malicious .rtx file in AOL Desktop 9.6. This could lead to unauthorized control over your computer, potentially resulting in data theft, system compromise, or other malicious activities.
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in AOL Desktop 9.6's Tool\rich.rct component when it parses .rtx files. An attacker can embed an excessively long string in a hyperlink tag within a .rtx file, causing a stack-based buffer overflow due to unsafe use of strcpy operations. This can allow remote attackers to execute arbitrary code when a victim opens the malicious .rtx file.