PT-2005-1322 · Yahoo · Yahoo! Messenger

Published

2005-02-18

Updated

2008-09-05

CVE-2005-0242

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger version 6.0.0.1750

Description The issue allows attackers to execute arbitrary code by placing a malicious ping.exe program into the Messenger program directory. This is possible due to weak default permissions in the installation.

Recommendations For version 6.0.0.1750, consider changing the permissions of the Messenger program directory to prevent unauthorized access and execution of malicious programs. As a temporary workaround, restrict the execution of the ping.exe program from the Messenger directory until a proper fix is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0242

Affected Products

Yahoo! Messenger

PT-2005-1322 · Yahoo · Yahoo! Messenger

CVE-2005-0242

Related Identifiers

Affected Products

References · 4