PT-2007-4430 · Yahoo · Yahoo! Messenger+1
Excepti0N
·
Published
2007-06-11
·
Updated
2018-10-16
·
CVE-2007-3147
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Yahoo! Messenger version 8.1.0.249
ywcupl.dll version 2.0.1.4
Description:
A buffer overflow issue exists in the Yahoo! Webcam Upload ActiveX control, allowing remote attackers to execute arbitrary code via a long server property value to the
send method.Recommendations:
For Yahoo! Messenger version 8.1.0.249, consider disabling the ywcupl.dll until a patch is available.
For ywcupl.dll version 2.0.1.4, restrict access to the
send method to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yahoo! Messenger
Ywcupl.Dll