PT-2002-3073 · Yahoo · Yahoo! Messenger

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2361

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger versions 4.0 through 5.5

Description The issue concerns the installer in Yahoo! Messenger, which does not verify package signatures. This could allow remote attackers to install trojan programs via DNS spoofing.

Recommendations For Yahoo! Messenger versions 4.0 through 5.5, consider updating to a newer version that includes signature verification to prevent the installation of trojan programs.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2002-2361

Affected Products

Yahoo! Messenger

PT-2002-3073 · Yahoo · Yahoo! Messenger

CVE-2002-2361

Weakness Enumeration

Related Identifiers

Affected Products

References · 4