On GameFAQs: Halo 3 ODST: Where's the last audio log?
BNET Business Network:
BNET
TechRepublic
ZDNet

January 10th, 2008

CERT: AOL Radio has high-risk flaw

Posted by Larry Dignan @ 11:00 am

Categories: Exploit code, Hackers, Viruses and Worms, Vulnerability research

Tags: America Online Inc., CERT, Radio, Flaw, AOL Radio, U.S. Computer Emergency Readiness Team, AOLMediaPlaybackControl Application, Advertising & Promotion, ActiveX/COM/COM+/DCOM, Security

The U.S. Computer Emergency Readiness Team has warned about a code execution flaw in the AOL Radio software.

I’m not sure how many folks use AOL Radio, but AOL still has a lot of eyeballs. If you’re one of those AOL users check out the CERT warning.

As for the details, CERT’s Will Dorman writes in a warning that the AOLMediaPlaybackControl application has “a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”

The vulnerability resides in an ActiveX control called AmpX. AOL Radio uses this control to stream audio on Web pages. Dorman notes:

The AOL AmpX ActiveX control, which is provided by AmpX.dll, uses a program called AOLMediaPlaybackControl.exe. The AOLMediaPlaybackControl application contains a stack buffer overflow that is exploitable via the AmpX ActiveX control’s AppendFileToPlayList() method.

On the bright side, AOL has fixed the vulnerability in what Dorman calls “an unspecified automatic update.” The upshot: If you use AOL Radio make sure you have the AmpX ActiveX control version 2.6.2.6. Alternatively, you can disable the AmpX ActiveX control in Internet Explorer.

Via Ryan Naraine.

Larry DignanLarry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 4 Talkback(s)
RE: CERT: AOL Radio has high-risk flaw
This doesn't apply to listening to AOL Radio with Winamp, only the dedicated AOL Radio software. There are not, so far as I know, any CERT warnings about Winamp, so listeners who are worried about the flaw could switch.... (Read the rest)
Posted by: mark@... Posted on: 01/11/08 You are currently: a Guest | | Terms of Use
I listen to XM Satellite Radio Online.  Grayson Peddie | 01/10/08
Well goodie for you!  fred@... | 01/11/08
AOL Radio is very good  Bill4 | 01/10/08
RE: CERT: AOL Radio has high-risk flaw  mark@... | 01/11/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here