Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Link | Tags |
---|---|
http://retrogod.altervista.org/9sg_aol_91_superbuddy.html | broken link, exploit |
http://www.vupen.com/english/advisories/2009/2812 | vdb entry, broken link, vendor advisory |
http://www.securityfocus.com/archive/1/506889/100/0/threaded | mailing list, vdb entry, third party advisory, broken link |
http://www.securityfocus.com/bid/36580 | exploit, vdb entry, third party advisory, broken link |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704 | vdb entry, signature, broken link |
http://secunia.com/advisories/36919 | broken link, third party advisory, vendor advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53614 | vdb entry, third party advisory |