CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-31 18:29:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8babdbc0f86ff50487ee8a64da39b2f433a34aa1
CVEs-PoC/2011/CVE-2011-10027.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

22 lines
1.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
### [CVE-2011-10027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-10027)
![](https://img.shields.io/static/v1?label=Product&message=AOL%20Desktop&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brightgreen)
### Description
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.
### POC
#### Reference
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
- https://www.exploit-db.com/exploits/16085
- https://www.exploit-db.com/exploits/16107
- https://www.exploit-db.com/exploits/17150
- https://www.vulncheck.com/advisories/aol-desktop-rtx-stack-based-buffer-overflow
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink