Aggregates CVE and security vulnerability intelligence across all AOL-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow, vendor risk input validation, and vendor risk memory corruption, with potential vendor impact application crash across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-5570 | The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | [email protected] | 5.4 | 0.10% | 2014-09-09 | 2026-05-06 |
| CVE-2012-5816 | AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | [email protected] | 5.8 | 0.13% | 2012-11-04 | 2026-04-29 |
| CVE-2009-4494 | AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | [email protected] | 5.0 | 3.58% | 2010-01-13 | 2026-04-23 |
| CVE-2009-3658 | Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. | [email protected] | 8.8 | 22.02% | 2009-10-09 | 2026-04-23 |
| CVE-2007-6699 | Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. | [email protected] | 4.3 | 4.72% | 2008-02-04 | 2026-04-23 |
| CVE-2007-6250 | Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method. | [email protected] | 9.3 | 68.34% | 2008-01-09 | 2026-04-23 |
| CVE-2007-5755 | Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. | [email protected] | 9.3 | 55.96% | 2007-11-14 | 2026-04-23 |
| CVE-2007-5124 | The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901. | [email protected] | 6.8 | 1.96% | 2007-09-27 | 2026-04-23 |
| CVE-2007-4901 | The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC. | [email protected] | 5.8 | 2.41% | 2007-09-14 | 2026-04-23 |
| CVE-2007-3437 | AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | [email protected] | 7.8 | 0.82% | 2007-06-27 | 2026-04-23 |
| CVE-2007-3350 | AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests. | [email protected] | 7.8 | 0.80% | 2007-06-22 | 2026-04-23 |
| CVE-2007-1904 | Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. | [email protected] | 4.3 | 1.42% | 2007-04-10 | 2026-04-23 |
| CVE-2006-5820 | The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. | [email protected] | 9.3 | 39.12% | 2007-04-02 | 2026-04-23 |
| CVE-2007-1767 | Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. | [email protected] | 7.8 | 0.75% | 2007-03-30 | 2026-04-23 |
| CVE-2006-6442 | Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. | [email protected] | 9.3 | 14.86% | 2006-12-10 | 2026-04-23 |
| CVE-2006-5650 | The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | [email protected] | 7.5 | 80.97% | 2006-11-07 | 2026-04-23 |
| CVE-2006-5502 | Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. | [email protected] | 7.5 | 5.42% | 2006-10-25 | 2026-04-23 |
| CVE-2006-5501 | Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. | [email protected] | 7.5 | 5.42% | 2006-10-25 | 2026-04-23 |
| CVE-2006-3888 | Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. | [email protected] | 7.5 | 19.80% | 2006-10-10 | 2026-04-23 |
| CVE-2006-3887 | Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | [email protected] | 7.5 | 8.55% | 2006-10-10 | 2026-04-23 |