PT-2006-7205 · Yahoo · Yahoo! Messenger

Published

2006-12-15

Updated

2011-03-08

CVE-2006-6603

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger versions prior to 2005.1.1.4

Description A buffer overflow issue exists in the YMMAPI.YMailAttach ActiveX control, which can be exploited by remote attackers to execute arbitrary code via a crafted HTML document.

Recommendations For versions prior to 2005.1.1.4, update to version 2005.1.1.4 or later to resolve the issue. As a temporary workaround, consider disabling the YMMAPI.YMailAttach ActiveX control until a patch is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6603

Affected Products

Yahoo! Messenger

PT-2006-7205 · Yahoo · Yahoo! Messenger

CVE-2006-6603

Related Identifiers

Affected Products

References · 7