ID |
CVE-2007-1680
|
Summary |
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*
-
cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*
-
cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*
-
cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*
-
cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*
|
CVSS |
Base: | 9.3 (as of 16-10-2018 - 16:40) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
refmap
via4
|
|
saint
via4
|
bid | 23291 | description | Yahoo Messenger AudioConf ActiveX control buffer overflow | id | misc_yahoomsgrver | osvdb | 34319 | title | yahoo_messenger_audioconf | type | client |
|
Last major update |
16-10-2018 - 16:40 |
Published |
06-04-2007 - 01:19 |
Last modified |
16-10-2018 - 16:40 |