CERT: AOL Radio has high-risk flaw

CERT: AOL Radio has high-risk flaw

Summary: The U.S. Computer Emergency Readiness Team has warned about a code execution flaw in the AOL Radio software.

SHARE:

The U.S. Computer Emergency Readiness Team has warned about a code execution flaw in the AOL Radio software.

I'm not sure how many folks use AOL Radio, but AOL still has a lot of eyeballs. If you're one of those AOL users check out the CERT warning.

As for the details, CERT's Will Dorman writes in a warning that the AOLMediaPlaybackControl application has "a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."

The vulnerability resides in an ActiveX control called AmpX. AOL Radio uses this control to stream audio on Web pages. Dorman notes:

The AOL AmpX ActiveX control, which is provided by AmpX.dll, uses a program called AOLMediaPlaybackControl.exe. The AOLMediaPlaybackControl application contains a stack buffer overflow that is exploitable via the AmpX ActiveX control's AppendFileToPlayList() method.

On the bright side, AOL has fixed the vulnerability in what Dorman calls "an unspecified automatic update." The upshot: If you use AOL Radio make sure you have the AmpX ActiveX control version 2.6.2.6. Alternatively, you can disable the AmpX ActiveX control in Internet Explorer.

Via Ryan Naraine.

Topics: Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • I listen to XM Satellite Radio Online. <nt />

    .
    Grayson Peddie
    • Well goodie for you!

      And what's that got to do with AOL radio? Are you just bragging or areyou one of them people who gotta make comments about everything showing how ssuperior you are to the rest of the masses?
      fred@...
  • AOL Radio is very good

    It's nice to see the issue corrected in a timely fashion. AOL Radio brings a huge chunk of XM to you for free...it is worth checking out.
    Bill4
  • RE: CERT: AOL Radio has high-risk flaw

    This doesn't apply to listening to AOL Radio with Winamp, only the dedicated AOL Radio software. There are not, so far as I know, any CERT warnings about Winamp, so listeners who are worried about the flaw could switch.
    mark@...
  • RE: CERT: AOL Radio has high-risk flaw

    Mt2 turk MMO PvP game download online game servers
    <a href="http://www.metin2oyunu.org" title="metin2" target="_blank">metin2</a> - <a href="http://www.metin2oyunu.org/indir" title="metin2 indir" target="_blank">metin2 indir</a> - <a href="http://www.metin2oyunu.org/hileler" title="metin2 hile" target="_blank">metin2 hile</a> - <a href="http://www.metin2oyunu.org/gm-komutlari" title="metin2 gm komutlari" target="_blank">metin2 gm komutlari</a> - <a href="http://www.metin2oyunu.org/category/metin2-at-gorevleri" title="metin2 at gorevleri" target="_blank">metin2 at gorevleri</a>
    MMO online games, game related content turk mt2 pvp servers
    <a href="http://www.metin2pvpserver.net" title="metin 2" target="_blank">metin 2</a> - <a href="http://www.metin2pvpserver.net" title="pvp" target="_blank">pvp</a> - <a href="http://www.metin2pvpserver.net" title="server" target="_blank">server</a> - <a href="http://www.metin2pvpserver.net/knight" title="knight" target="_blank">knight</a>
    Mt2 turk MMO PvP game servers online
    <a href="http://www.metin2pvpserverlar.com" title="metin2 pvp sererler" target="_blank">metin2 pvp sererler</a> - <a href="http://www.metin2pvpserverlar.com" title="pvp serverlar" target="_blank">serverlar</a> - <a href="http://www.metin2pvpserverlar.com" title="pvp serverler" target="_blank">pvp serverler</a> - <a href="http://www.metin2pvpserverlar.com" title="metin2 pvp sererlar" target="_blank">metin2 pvp sererlar</a> - <a href="http://www.metin2pvpserverlar.com/pvp-kenti" title="pvp kenti" target="_blank">pvp kenti</a>

    download http://www.metin2oyunu.org game servers online http://www.metin2pvpserver.net turk mt2 pvp servers http://www.metin2pvpserverlar.com
    <a href="http://www.metin2turkiye.net" title="mt2" target="_blank">mt2</a>
    <a href="http://www.metin2turkiye.net" title="metin2 turk" target="_blank">metin2 turk</a>
    <a href="http://www.metin2turkiye.net" title="mt2 turk" target="_blank">mt2 turk</a>
    <a href="http://www.metin2turkiye.net" title="metin2 tr" target="_blank">metin2 tr</a>
    <a href="http://www.metin2oyunu.org/indir" title="metin 2" target="_blank">Metin 2</a>
    <a href="http://www.metin2oyunu.org/tag/alemt2-kaydol-alemt2-indir" title="alemt2 indir" target="_blank">alemt2 indir</a>
    <a href="http://www.metin2oyunu.org/tag/alemt2-kaydol-alemt2-indir" title="alemt2 kaydol" target="_blank">alemt2 kaydol</a>
    <a href="http://www.metin2oyunu.org/tag/alemt2-kaydol-alemt2-indir" title="alemt2" target="_blank">alemt2</a>
    <a href="http://www.metin2oyunu.org/tag/fancy-mt2-kaydol" title="alemt2 kaydol" target="_blank">fancymt2 kaydol</a>
    <a href="http://www.metin2oyunu.org/tag/fancy-mt2" title="alemt2 kaydol" target="_blank">fancy mt2</a>
    <a href="http://www.metin2oyunu.org/tag/mt2-pvp" title="mt2 pvp" target="_blank">mt2 pvp</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="metin2 pvp" target="_blank">metin2 pvp</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="metin2 pvp" target="_blank">metin2 pvp serverler</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="pvp" target="_blank">pvp</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="metin2" target="_blank">metin2</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="serverler" target="_blank">serverler</a>
    <a href="http://www.metin2oyunu.org/metin2-pvp-serverler" title="serverler" target="_blank">serverler</a>

    <a href="http://www.metin2pvpserver.net" title="metin2pvpserver" target="_blank">metin2pvpserver</a>
    <a href="http://www.metin2pvpserver.net" title="metin2 pvp server" target="_blank">metin2 pvp server</a>
    <a href="http://www.metin2pvpserver.net" title="metin2 pvpserver" target="_blank">metin2 pvpserver</a>
    <a href="http://www.metin2pvpserver.net" title="metin2pvp server" target="_blank">metin2pvp server</a>
    <a href="http://www.metin2pvpserver.net" title="metin2pvp" target="_blank">metin2pvp</a>
    <a href="http://www.metin2pvpserver.net" title="metin2 server" target="_blank">metin2 server</a>


    <a href="http://www.metin2pvpserverlar.com" title="metin2pvpserverlar" target="_blank">metin2pvpserverlar</a>
    <a href="http://www.metin2pvpserverlar.com" title="metin2 pvp serverlar" target="_blank">metin2 pvp serverlar</a>
    <a href="http://www.metin2pvpserverlar.com" title="metin2pvp serverlar" target="_blank">metin2pvp serverlar</a>
    <a href="http://www.metin2pvpserverlar.com" title="metin2 serverlar" target="_blank">metin2 serverlar</a>

    <a href="http://www.faceara.com" title="face" target="_blank">face</a>
    <a href="http://www.faceara.com" title="facebook" target="_blank">facebook</a>
    zafer12