PT-2007-5690 · Yahoo+1 · Yahoo! Messenger+2
Publicado
2007-08-31
·
Atualizado
2017-07-29
·
CVE-2007-4515
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Yahoo! Messenger versions prior to 8.1.0.419
YVerInfo.dll versions prior to 2007.8.27.1
Description
The issue is related to a buffer overflow in a certain ActiveX control. This can be exploited by remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1)
fvCom and (2) info methods.Recommendations
For Yahoo! Messenger versions prior to 8.1.0.419, update to version 8.1.0.419 or later.
For YVerInfo.dll versions prior to 2007.8.27.1, update to version 2007.8.27.1 or later.
As a temporary workaround, consider disabling the
fvCom and info methods in the affected ActiveX control until a patch is available.Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Activex
Yverinfo.Dll
Yahoo! Messenger