cbcvebase.
CVE-2007-5755
published 2007-11-14

CVE-2007-5755: Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via…

PriorityP349critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
12.97%
95.8th percentile
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.

Detection & IOCsextracted from sources · hover to see the quote

filenameAmpX.dll
versionAmpX.dll 2.6.1.11
versionAmpX.dll 2.4.0.6
commandConvertFile()
  • Monitor for instantiation of the AOL IWinAmpActiveX / AmpX ActiveX control (AmpX.dll) within browser processes, particularly calls to the ConvertFile() method with abnormally long string arguments.
  • Flag browser-spawned processes or shellcode execution following invocation of AmpX.dll, as exploitation is drive-by via a malicious web page targeting the ActiveX control.
  • ·Two distinct vulnerable versions are referenced across sources: NVD cites 2.6.1.11 while the Metasploit module targets 2.4.0.6 — detection/blocking rules should cover both version strings.
  • ·NVD describes overflow via 'long arguments to unspecified methods' (plural), while the Metasploit module specifically targets ConvertFile(); other methods may also be exploitable.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.