CVE-2007-5396

Name of the Vulnerable Software and Affected Versions: Miranda IM version 0.7.1

Description: The issue allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who). This is a format string vulnerability in the ext yahoo contact added function in yahoo.c.

Recommendations: For Miranda IM version 0.7.1, consider disabling the ext yahoo contact added function until a patch is available. Restrict access to the yahoo.c module to minimize the risk of exploitation. Avoid using the who variable in the affected Y7 Buddy Authorization packet handling until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.