PT-2007-4430 · Yahoo · Yahoo! Messenger+1
Excepti0N
·
Publicado
2007-06-11
·
Atualizado
2018-10-16
·
CVE-2007-3147
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Yahoo! Messenger version 8.1.0.249
ywcupl.dll version 2.0.1.4
Description:
A buffer overflow issue exists in the Yahoo! Webcam Upload ActiveX control, allowing remote attackers to execute arbitrary code via a long server property value to the
send method.Recommendations:
For Yahoo! Messenger version 8.1.0.249, consider disabling the ywcupl.dll until a patch is available.
For ywcupl.dll version 2.0.1.4, restrict access to the
send method to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Yahoo! Messenger
Ywcupl.Dll