CVE-2011-10027 HIGH

CVE-2011-10027: AOL Desktop 9.6 RTX Stack-Based Buffer Overflow

Vendor Aol Inc.
Product AOL Desktop
Weakness CWE-121
Published August 20, 2025
Last update May 15, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.

Key dates

02Disclosure timeline

August 20, 2025 CVE published
May 15, 2026 Record updated