CVE-2011-10027
published 2025-08-20

Priority: P349 · high · 8.4 (CVSS 4.0)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.48% (37.5th percentile)
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.

Affected

1 range
Vendor | Product | Version range | Fixed in
aol_inc | aol_desktop | <= 9.6 |

Detection & IOCs

filename: Tool\rich.rct
  • Monitor for AOL Desktop processes opening .rtx files, particularly where rich.rct is loaded and processes unusually large hyperlink tag strings — indicative of the strcpy-based stack buffer overflow trigger.
  • Flag delivery or opening of .rtx files in email or web contexts targeting AOL Desktop 9.6 users, as the exploit vector is a malicious .rtx file with an overly long hyperlink tag string.
  • The Metasploit module for this CVE is a Windows fileformat exploit targeting AOL Desktop 9.6; detect use of the module path exploits/windows/fileformat/aol_desktop_linktag in offensive tooling or logs.
  • AOL Desktop 9.6 is end-of-life with no vendor patch available; the only mitigation is migration away from the affected software.