CVE-2003-1135 - Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash)

CVE-2003-1135

Summary

Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.

References

http://www.securityfocus.com/archive/1/342472
http://www.securityfocus.com/bid/8894

Vulnerable Configurations

cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 05-09-2008 - 20:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:P

refmap via4

bid	8894
bugtraq	20031026 Buffer Overflow in Yahoo messenger Client

Last major update

05-09-2008 - 20:36

Published

31-12-2003 - 05:00

Last modified

05-09-2008 - 20:36