Buffer Overflow Vulnerability in AOL Desktop 9.6
CVE-2011-10027

8.4 HIGH

Key Information:

Vendor

Aol Inc.

CVE Published:
20 August 2025

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 19%

What is CVE-2011-10027?

AOL Desktop 9.6 contains a buffer overflow in the Tool\rich.rct component that is triggered when it processes .rtx files. An overly long string embedded in a hyperlink tag is copied with unsafe strcpy operations, resulting in a stack-based buffer overflow. This can allow remote attackers to execute arbitrary code when a user opens a specially crafted .rtx file. AOL Desktop is end-of-life and is no longer supported; users are advised to transition to AOL Desktop Gold or consider alternative software solutions.

Affected Version(s)

AOL Desktop * <= 9.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

sup3r