PT-2007-5572 · Kakadu+1
Published 2007-08-17 · Updated 2017-07-29
CVE-2007-4391
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Yahoo! Messenger version 8.1.0.413
Description
The issue is a heap-based buffer overflow in the Kakadu kdu v32m.dll component. It is triggered by a specially crafted "invite to view my webcam" request carrying JPEG2000 data with a certain length field, which can cause a denial of service (application crash). If the recipient accepts the request, the overflow may allow an attacker to inject a DLL into the peer Yahoo! Messenger application.
Recommendations
For Yahoo! Messenger version 8.1.0.413, consider disabling the handling of JPEG2000 data in the Kakadu kdu v32m.dll component as a temporary workaround until a patch is available. Restrict access to the "invite to view my webcam" feature to minimize the risk of exploitation.
Exploit
Fix
RCE
Buffer Overflow
Related identifiers
Affected products
Kakadu
Yahoo! Messenger