CVE-2012-0268

Name of the Vulnerable Software and Affected Versions Yahoo! Messenger versions prior to 11.5.0.155

Description The issue is related to an integer overflow in the CYImage::LoadJPG method within the YImage.dll component of Yahoo! Messenger. This occurs when photo sharing is enabled and a crafted JPG image is used, potentially triggering a heap-based buffer overflow. This could allow remote attackers to execute arbitrary code.

Recommendations For versions prior to 11.5.0.155, update to version 11.5.0.155 or later to resolve the issue. As a temporary workaround, consider disabling photo sharing until the update is applied.