PT-2005-2597 · Yahoo · Yahoo! Messenger

Torseq Tech

Published

2005-05-16

Updated

2016-10-18

CVE-2005-1618

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger versions 5.x through 6.0

Description The issue allows remote attackers to cause a denial of service, resulting in a disconnect from the server. This is achieved by sending a room login or a room join request packet with a third colon and an ampersand, which causes Messenger to send a corrupted packet to the server.

Recommendations For Yahoo! Messenger versions 5.x through 6.0, consider restricting the use of the YMSGR URL handler until a patch is available. As a temporary workaround, avoid using the room login or room join request functionality with packets containing a third colon and an ampersand to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1618

Affected Products

Yahoo! Messenger

PT-2005-2597 · Yahoo · Yahoo! Messenger

CVE-2005-1618

Related Identifiers

Affected Products

References · 5