CVE-2009-4171

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger version 9.0.0.2162 Yahoo! Messenger versions 9.0

Description The issue is related to an ActiveX control in YahooBridgeLib.dll, which allows remote attackers to cause a denial of service by calling the RegisterMe method with a long argument, resulting in a NULL pointer dereference and application crash.

Recommendations For Yahoo! Messenger version 9.0.0.2162, consider disabling the RegisterMe method until a patch is available. For other affected 9.0 versions, restrict access to the vulnerable ActiveX control in YahooBridgeLib.dll to minimize the risk of exploitation.