CVE-2005-1671

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger versions 5.x through 6.0

Description The issue allows local users to obtain sensitive information from other users due to the Logfile feature not properly warning later users when it has been enabled. This feature can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users.

Recommendations For Yahoo! Messenger versions 5.x through 6.0, consider disabling the Logfile feature to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the ypager.log file to minimize the risk of exploitation.