CVE-2011-10027

AOL Desktop 9.6 RTX Stack-Based Buffer Overflow

Description

AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.

INFO

Published Date :

2025-08-20T15:31:26.655Z

Last Modified :

2025-08-20T19:25:59.323Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2011-10027 vulnerability.

Vendors	Products
Aol	Aol

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2011-10027.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
https://www.exploit-db.com/exploits/16085
https://www.exploit-db.com/exploits/16107
https://www.exploit-db.com/exploits/17150
https://www.fortiguard.com/encyclopedia/ips/26516
https://www.vulncheck.com/advisories/aol-desktop-rtx-stack-based-buffer-overflow

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability