Search criteria
99 vulnerabilities found for messenger by yahoo
FKIE_CVE-2014-7216
Vulnerability from fkie_nvd - Published: 2015-09-11 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23A70298-F578-4534-A093-AE997FAB3BFC",
"versionEndIncluding": "11.5.0.228",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer basado en pila en Yahoo! Messenger 11.5.0.228 y versiones anteriores, permite a atacantes remotos causar una denegaci\u00f3n de servicio (colapso) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s del (1) acceso directo o de (2) las claves de t\u00edtulo en un archivo emoticons.xml."
}
],
"id": "CVE-2014-7216",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-11T20:59:00.100",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"source": "cve@mitre.org",
"url": "https://hackerone.com/reports/10767"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hackerone.com/reports/10767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0268
Vulnerability from fkie_nvd - Published: 2012-01-19 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
References
| URL | Tags | ||
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/47041 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47041 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D598BB4-F9F9-4013-9D02-7A88430D7E12",
"versionEndIncluding": "11.5.0.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:0.99.17-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E88F5CC4-EB8B-438E-9ADC-93231BFF5526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD6E7BF-1CBD-4CED-B5C4-8390FA9DEECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9E46751B-048A-43C9-933F-4C0E7F59F6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8167DD-2B40-44AB-9775-4D6390606A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6944C050-C328-45DB-B2C3-0CA43C0D790C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61D8486D-5156-4A8D-92D3-CE9CF171326B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B694F873-BB64-4937-8142-83DB26425991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.0.1:beta-35554:*:*:*:*:*:*",
"matchCriteriaId": "5CFBD546-F938-4DF2-9CB3-852D83AEC7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "847E1B09-EC05-4594-A2C9-77D8C978A77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7B2C0B-CC2C-4C90-8566-F449F593A3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0.1046:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F9A8C-206B-49D3-9F25-D25F4CD74DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0.1065:*:*:*:*:*:*:*",
"matchCriteriaId": "077D9394-E0DB-4BE1-9666-ED98A459D57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0.1232:*:*:*:*:*:*:*",
"matchCriteriaId": "DB29459E-C84F-46BC-9679-A55D285287E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.5.1249:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC324E2-C08F-4090-82CD-5A64165986F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1347:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAC4C7A-4A77-41ED-BC6D-6F962283107E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
"matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1355:*:*:*:*:*:*:*",
"matchCriteriaId": "E025BBCF-8E26-4E83-BA49-9A10E3011428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1356:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0DD432-79BA-4750-B53C-A5149DACBE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1358:*:*:*:*:*:*:*",
"matchCriteriaId": "47ABA651-3F7A-4647-AA21-14B552694A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1643:*:*:*:*:*:*:*",
"matchCriteriaId": "E9479AAB-AFFD-4976-96AC-B97DE517BFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
"matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1921:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FFB3BF-1092-46E4-9C0D-FF91E0FB1371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E358E1-680D-4B98-9E61-F0B31773373F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C35A346-6510-44D2-A36E-E6661B6586F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0.0.426:*:*:*:*:*:*:*",
"matchCriteriaId": "88A599C5-C8E8-41F9-887C-DACDF809FBE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0.0.437:*:*:*:*:*:*:*",
"matchCriteriaId": "54DBBFA3-CB37-41B3-85DA-C8AF20A8BA7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0.438:*:*:*:*:*:*:*",
"matchCriteriaId": "451603CE-2DAF-47AF-A1E6-F79A514E1E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE2C978-8812-489D-94F9-186B5519545B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.5.0.814:*:*:*:*:*:*:*",
"matchCriteriaId": "45452EA7-2FE3-496C-A523-6B5CDDB0C540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.505:*:*:*:*:*:*:*",
"matchCriteriaId": "2F111CCF-7D39-4113-9138-5EAEE7BEFCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.508:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C87FBF-A993-461B-A912-29BF7999D5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.701:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B30F7E-536C-4547-8123-7A3E27701582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.716:*:*:*:*:*:*:*",
"matchCriteriaId": "2216FE62-D0A2-4BBB-973D-B839A1DDF915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
"matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "012BF14B-1009-4BDE-A699-C5989F576199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.195:*:*:*:*:*:*:*",
"matchCriteriaId": "544F71AF-1E2B-4F87-839C-EC981EC5D69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAF169E-8466-43EF-A03D-D49256EB2C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.244:*:*:*:*:*:*:*",
"matchCriteriaId": "09125309-423D-4A4E-B7FB-37E4F531159B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*",
"matchCriteriaId": "15660D84-B392-457E-B433-9B9180A49B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.401:*:*:*:*:*:*:*",
"matchCriteriaId": "67DE14CA-5781-4F78-8562-DDD53C7CB7E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.402:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CB6D1A-E1A2-4E1C-9E02-24A192D72750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.413:*:*:*:*:*:*:*",
"matchCriteriaId": "40D0435F-F38D-42E2-AA34-F256B9D2B2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.416:*:*:*:*:*:*:*",
"matchCriteriaId": "25099018-E7E2-47A3-A57C-E2B106E75987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.419:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF049DF-9D3E-471A-958D-C760E8A894EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*",
"matchCriteriaId": "661E07A2-FB77-4411-95B3-BD0ED72DC6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.797:beta:*:*:*:*:*:*",
"matchCriteriaId": "0159CADA-CF93-4F4A-AC9D-D76D91B76AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.907:beta:*:*:*:*:*:*",
"matchCriteriaId": "982ECC94-686C-4965-8FBA-9D1F6F70213C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.922:beta:*:*:*:*:*:*",
"matchCriteriaId": "CBD43C5B-040D-4704-B049-3AC3DCE9C9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.1389:beta:*:*:*:*:*:*",
"matchCriteriaId": "6A0285E3-0D62-4870-96B8-20C7F3C00D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.1912:*:*:*:*:*:*:*",
"matchCriteriaId": "664D05A8-0EB0-48AE-9208-E66EA03B084E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2018:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F1C4DB-6A5F-4D35-AC17-218074419BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2034:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6ABACF-86B7-42B7-A15D-57EE6A765238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2112:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1C8908-D4C7-406D-AF03-E7406C480B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2123:*:*:*:*:*:*:*",
"matchCriteriaId": "24C8559C-9D77-4BB3-981C-D151CB014DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2128:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCAA3D-F88B-4081-A843-0BD6D78941C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2133:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE5D420-216B-41C0-9E56-798F992D0A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2136:*:*:*:*:*:*:*",
"matchCriteriaId": "A30A5955-F276-4C86-8286-02AD0BC3DF7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2152:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B990ED-2BAC-4093-A6CD-34F04C95E64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2160:*:*:*:*:*:*:*",
"matchCriteriaId": "C60DAAA0-032B-4D9C-83FF-26FFC278F270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2161:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1DBCAF-12A7-490C-BADF-8534B78E06CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2162:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1FEC40-A9EA-44AF-9DF3-1F85E1DDE4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.331:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "5E582D93-A84A-4C12-AE2B-4B2B71681BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.525:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE43B4C9-8C06-4CCF-8BC4-75C75EEAD425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.542:beta:*:*:*:*:*:*",
"matchCriteriaId": "41680B8B-2D8A-4583-9629-55833461AEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1102:*:*:*:*:*:*:*",
"matchCriteriaId": "4E921962-F4C1-4785-8E63-657F7C39E16F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1241:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFF7B20-BB90-4A8A-8E6D-C91BF9238B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1258:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5BBB19-F1B8-4432-B48D-E9BC52D55729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1264:*:*:*:*:*:*:*",
"matchCriteriaId": "93519572-6872-425A-81C3-52198B94CB88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1267:*:*:*:*:*:*:*",
"matchCriteriaId": "179796DF-BEB9-4611-8703-D959F1218C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1270:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAE7084-6DC6-423B-AA69-9F8C65305D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.1751:*:*:*:*:*:*:*",
"matchCriteriaId": "27221A33-B95F-4FBE-B049-04CBA88B8CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.2009:*:*:*:*:*:*:*",
"matchCriteriaId": "CD59825D-5C68-4B5C-A46E-6DAB2F953502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.2014:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8234BC-4AC1-4A00-955B-D1F1467E11C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Un desbordamiento de entero en el m\u00e9todo CYImage::LoadJPG en YImage.dll en Yahoo! Messenger antes de v11.5.0.155, cuando la compartici\u00f3n fotos est\u00e1 activada, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen JPG modificada a mano que genera un desbordamiento de b\u00fafer basado en memoria din\u00e1mica(mont\u00edculo)."
}
],
"id": "CVE-2012-0268",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-19T15:55:00.990",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47041"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4171
Vulnerability from fkie_nvd - Published: 2009-12-02 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2162:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1FEC40-A9EA-44AF-9DF3-1F85E1DDE4FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
},
{
"lang": "es",
"value": "Un control ActiveX en YahooBridgeLib.dll para Yahoo! Messenger v9.0.0.2162, y posiblemente otras versiones 9.0, permite a atacantes remotos producir una denegaci\u00f3n de servicio (desreferencia a un puntero NULL y ca\u00edda de aplicaci\u00f3n ) mediante una llamada al m\u00e9todo RegisterMe con un argumento largo."
}
],
"id": "CVE-2009-4171",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-02T19:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37007"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5017
Vulnerability from fkie_nvd - Published: 2007-09-20 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*",
"matchCriteriaId": "661E07A2-FB77-4411-95B3-BD0ED72DC6B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalado de rutas absolutas en ciertos controles de ActiveX en el objeto CYFT del ft60.dll del Yahoo! Messenger 8.1.0.421 permite a atacantes remotos forzar una descarga y crear o sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un nombre de ruta completa como segundo argumento del m\u00e9todo GetFile."
}
],
"id": "CVE-2007-5017",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-20T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38296"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018715"
},
{
"source": "cve@mitre.org",
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4428"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4635
Vulnerability from fkie_nvd - Published: 2007-08-31 23:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.402:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CB6D1A-E1A2-4E1C-9E02-24A192D72750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Yahoo! Messenger 8.1.0.209 y 8.1.0.402 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante determinados paquetes de transferencia de fichero, posiblemente involucrando un desbordamiento de b\u00fafer, como se demuestra con ym8bug.exe.\r\nNOTA: Esto podr\u00eda estar relacionado con CVE-2007-4515.\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-4635",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-31T23:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4515
Vulnerability from fkie_nvd - Published: 2007-08-31 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CF8D81-8299-4EC7-B3A6-E08B57786CB8",
"versionEndIncluding": "8.1.0.413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en cierto control ActiveX en YVerInfo.dll versiones anteriores a 2007.8.27.1 en la conjunto de servicios para Yahoo! para Yahoo! Messenger versiones anteriores a 8.1.0.419, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores no especificados que involucran argumentos en los m\u00e9todos (1) fvCom y (2) info. NOTA: algunos de estos datos son obtenidos a partir de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-4515",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-31T22:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37739"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26579"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3083"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018628"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25494"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4391
Vulnerability from fkie_nvd - Published: 2007-08-17 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.413:*:*:*:*:*:*:*",
"matchCriteriaId": "40D0435F-F38D-42E2-AA34-F256B9D2B2C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida de aplicaci\u00f3n)a trav\u00e9s de ciertas longitudes de campo en los datos JPEG2000, como se demostr\u00f3 con el env\u00edo de una respuesta a \"una invitaci\u00f3n para ver mi webcam\", y su posterior inyecci\u00f3n de una DLL dentro de la aplicaci\u00f3n Yahoo! Messenger atacada cuando esta respuesta es aceptada."
}
],
"id": "CVE-2007-4391",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-17T22:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26501"
},
{
"source": "cve@mitre.org",
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25330"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018586"
},
{
"source": "cve@mitre.org",
"url": "http://www.team509.com/expyahoo.rar"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"source": "cve@mitre.org",
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.team509.com/expyahoo.rar"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3928
Vulnerability from fkie_nvd - Published: 2007-07-21 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Yahoo! Messenger 8.1 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una direcci\u00f3n larga de correo electr\u00f3nico en una entrada de la libreta de direcciones.\r\nNOTA: Esto podr\u00eda solaparse con CVE-2007-3638."
}
],
"evaluatorSolution": "The vendor has confirmed the vulnerability and a fix has been implemented server-side. \r\n",
"id": "CVE-2007-3928",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-21T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26066"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2906"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24926"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018398"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3638
Vulnerability from fkie_nvd - Published: 2007-07-10 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en Yahoo! en Messenger versi\u00f3n 8.1, permite a usuarios autenticados remotos asistidos por el usuario, que est\u00e1n listados en una libreta de direcciones, ejecutar c\u00f3digo arbitrario por medio de vectores no especificados, tambi\u00e9n se conoce como ZD-00000005. NOTA: esta informaci\u00f3n se basa en un aviso vago de una organizaci\u00f3n de ventas de informaci\u00f3n sobre vulnerabilidades que no coordina con los proveedores o p\u00fablica avisos procesables. Ha sido asignado un CVE con fines de seguimiento, pero duplicidades con otros CVE son dif\u00edciles de determinar."
}
],
"id": "CVE-2007-3638",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-10T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24784"
},
{
"source": "cve@mitre.org",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3147
Vulnerability from fkie_nvd - Published: 2007-06-11 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6944C050-C328-45DB-B2C3-0CA43C0D790C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
"matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "012BF14B-1009-4BDE-A699-C5989F576199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*",
"matchCriteriaId": "15660D84-B392-457E-B433-9B9180A49B3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control Yahoo! Webcam Upload ActiveX en ywcupl.dll versi\u00f3n 2.0.1.4 para Yahoo! Messenger versi\u00f3n 8.1.0.249 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un valor largo propiedad del servidor para el m\u00e9todo de env\u00edo. NOTA: algunos de estos datos se consiguen de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-3147",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-11T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25547"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2809"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018204"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24341"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24354"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018203"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4042"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from cvelistv5 – Published: 2015-09-11 20:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7216",
"datePublished": "2015-09-11T20:00:00",
"dateReserved": "2014-09-28T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0268 (GCVE-0-2012-0268)
Vulnerability from cvelistv5 – Published: 2012-01-19 15:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T15:00:00Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0268",
"datePublished": "2012-01-19T15:00:00Z",
"dateReserved": "2011-12-30T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:26.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4171 (GCVE-0-2009-4171)
Vulnerability from cvelistv5 – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4171",
"datePublished": "2009-12-02T19:00:00",
"dateReserved": "2009-12-02T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2361 (GCVE-0-2002-2361)
Vulnerability from cvelistv5 – Published: 2007-10-29 19:00 – Updated: 2024-09-17 01:20
VLAI?
Summary
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2361",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:44.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5017 (GCVE-0-2007-5017)
Vulnerability from cvelistv5 – Published: 2007-09-20 21:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"refsource": "OSVDB",
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5017",
"datePublished": "2007-09-20T21:00:00",
"dateReserved": "2007-09-20T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4635 (GCVE-0-2007-4635)
Vulnerability from cvelistv5 – Published: 2007-08-31 23:00 – Updated: 2024-09-16 16:32
VLAI?
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-31T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4635",
"datePublished": "2007-08-31T23:00:00Z",
"dateReserved": "2007-08-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:32:44.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4515 (GCVE-0-2007-4515)
Vulnerability from cvelistv5 – Published: 2007-08-31 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37739",
"refsource": "OSVDB",
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=082907",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4515",
"datePublished": "2007-08-31T22:00:00",
"dateReserved": "2007-08-23T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4391 (GCVE-0-2007-4391)
Vulnerability from cvelistv5 – Published: 2007-08-17 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"name": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"name": "http://www.team509.com/expyahoo.rar",
"refsource": "MISC",
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"refsource": "OSVDB",
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018586"
},
{
"name": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749",
"refsource": "MISC",
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4391",
"datePublished": "2007-08-17T22:00:00",
"dateReserved": "2007-08-17T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3928 (GCVE-0-2007-3928)
Vulnerability from cvelistv5 – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:04.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26066"
},
{
"name": "http://www.xdisclose.com/advisory/XD100002.html",
"refsource": "MISC",
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3928",
"datePublished": "2007-07-21T00:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:04.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3638 (GCVE-0-2007-3638)
Vulnerability from cvelistv5 – Published: 2007-07-10 00:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24784"
},
{
"name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
"refsource": "MISC",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3638",
"datePublished": "2007-07-10T00:00:00",
"dateReserved": "2007-07-09T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from nvd – Published: 2015-09-11 20:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7216",
"datePublished": "2015-09-11T20:00:00",
"dateReserved": "2014-09-28T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0268 (GCVE-0-2012-0268)
Vulnerability from nvd – Published: 2012-01-19 15:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T15:00:00Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0268",
"datePublished": "2012-01-19T15:00:00Z",
"dateReserved": "2011-12-30T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:26.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4171 (GCVE-0-2009-4171)
Vulnerability from nvd – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4171",
"datePublished": "2009-12-02T19:00:00",
"dateReserved": "2009-12-02T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2361 (GCVE-0-2002-2361)
Vulnerability from nvd – Published: 2007-10-29 19:00 – Updated: 2024-09-17 01:20
VLAI?
Summary
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2361",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:44.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5017 (GCVE-0-2007-5017)
Vulnerability from nvd – Published: 2007-09-20 21:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"refsource": "OSVDB",
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5017",
"datePublished": "2007-09-20T21:00:00",
"dateReserved": "2007-09-20T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4635 (GCVE-0-2007-4635)
Vulnerability from nvd – Published: 2007-08-31 23:00 – Updated: 2024-09-16 16:32
VLAI?
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-31T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4635",
"datePublished": "2007-08-31T23:00:00Z",
"dateReserved": "2007-08-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:32:44.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4515 (GCVE-0-2007-4515)
Vulnerability from nvd – Published: 2007-08-31 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37739",
"refsource": "OSVDB",
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=082907",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4515",
"datePublished": "2007-08-31T22:00:00",
"dateReserved": "2007-08-23T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4391 (GCVE-0-2007-4391)
Vulnerability from nvd – Published: 2007-08-17 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"name": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"name": "http://www.team509.com/expyahoo.rar",
"refsource": "MISC",
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"refsource": "OSVDB",
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018586"
},
{
"name": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749",
"refsource": "MISC",
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4391",
"datePublished": "2007-08-17T22:00:00",
"dateReserved": "2007-08-17T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3928 (GCVE-0-2007-3928)
Vulnerability from nvd – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:04.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26066"
},
{
"name": "http://www.xdisclose.com/advisory/XD100002.html",
"refsource": "MISC",
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3928",
"datePublished": "2007-07-21T00:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:04.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3638 (GCVE-0-2007-3638)
Vulnerability from nvd – Published: 2007-07-10 00:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24784"
},
{
"name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
"refsource": "MISC",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3638",
"datePublished": "2007-07-10T00:00:00",
"dateReserved": "2007-07-09T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}