High severity8.8NVD Advisory· Published Oct 9, 2009· Updated Apr 23, 2026

CVE-2009-3658

Description

Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.

Affected products

AOL/Superbuddy Activex Control
cpe:2.3:a:aol:superbuddy_activex_control:9.5.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/9sg_aol_91_superbuddy.htmlnvdBroken LinkExploit
www.securityfocus.com/bid/36580nvdBroken LinkExploitThird Party AdvisoryVDB Entry
secunia.com/advisories/36919nvdBroken LinkVendor Advisory
www.securityfocus.com/archive/1/506889/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2009/2812nvdBroken LinkVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/53614nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.018
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000