FKIE_CVE-2012-0268
Vulnerability from fkie_nvd - Published: 2012-01-19 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
References
| URL | Tags | ||
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/47041 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47041 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D598BB4-F9F9-4013-9D02-7A88430D7E12",
"versionEndIncluding": "11.5.0.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:0.99.17-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E88F5CC4-EB8B-438E-9ADC-93231BFF5526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD6E7BF-1CBD-4CED-B5C4-8390FA9DEECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9E46751B-048A-43C9-933F-4C0E7F59F6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8167DD-2B40-44AB-9775-4D6390606A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6944C050-C328-45DB-B2C3-0CA43C0D790C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61D8486D-5156-4A8D-92D3-CE9CF171326B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B694F873-BB64-4937-8142-83DB26425991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.0.1:beta-35554:*:*:*:*:*:*",
"matchCriteriaId": "5CFBD546-F938-4DF2-9CB3-852D83AEC7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "847E1B09-EC05-4594-A2C9-77D8C978A77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5FAAEB-793F-405B-A8D9-872FCEEBFB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7B2C0B-CC2C-4C90-8566-F449F593A3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BF80C1-8F4D-40AF-88FD-D1AFDC03EC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0.1046:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F9A8C-206B-49D3-9F25-D25F4CD74DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0.1065:*:*:*:*:*:*:*",
"matchCriteriaId": "077D9394-E0DB-4BE1-9666-ED98A459D57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.0.1232:*:*:*:*:*:*:*",
"matchCriteriaId": "DB29459E-C84F-46BC-9679-A55D285287E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.5.1249:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC324E2-C08F-4090-82CD-5A64165986F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1347:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAC4C7A-4A77-41ED-BC6D-6F962283107E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*",
"matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1355:*:*:*:*:*:*:*",
"matchCriteriaId": "E025BBCF-8E26-4E83-BA49-9A10E3011428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1356:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0DD432-79BA-4750-B53C-A5149DACBE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1358:*:*:*:*:*:*:*",
"matchCriteriaId": "47ABA651-3F7A-4647-AA21-14B552694A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1643:*:*:*:*:*:*:*",
"matchCriteriaId": "E9479AAB-AFFD-4976-96AC-B97DE517BFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*",
"matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1921:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FFB3BF-1092-46E4-9C0D-FF91E0FB1371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E358E1-680D-4B98-9E61-F0B31773373F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C35A346-6510-44D2-A36E-E6661B6586F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0.0.426:*:*:*:*:*:*:*",
"matchCriteriaId": "88A599C5-C8E8-41F9-887C-DACDF809FBE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0.0.437:*:*:*:*:*:*:*",
"matchCriteriaId": "54DBBFA3-CB37-41B3-85DA-C8AF20A8BA7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.0.438:*:*:*:*:*:*:*",
"matchCriteriaId": "451603CE-2DAF-47AF-A1E6-F79A514E1E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE2C978-8812-489D-94F9-186B5519545B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:7.5.0.814:*:*:*:*:*:*:*",
"matchCriteriaId": "45452EA7-2FE3-496C-A523-6B5CDDB0C540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7178A56-42F9-44BC-8742-402480F761FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.505:*:*:*:*:*:*:*",
"matchCriteriaId": "2F111CCF-7D39-4113-9138-5EAEE7BEFCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.508:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C87FBF-A993-461B-A912-29BF7999D5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.701:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B30F7E-536C-4547-8123-7A3E27701582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.716:*:*:*:*:*:*:*",
"matchCriteriaId": "2216FE62-D0A2-4BBB-973D-B839A1DDF915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*",
"matchCriteriaId": "5D369102-AC28-45D1-A9E7-B6C4F34529C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "012BF14B-1009-4BDE-A699-C5989F576199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4212E3-8338-430F-A9BC-A28D502B8B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EC84BF-CDEB-4046-8736-C77C007D368B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.195:*:*:*:*:*:*:*",
"matchCriteriaId": "544F71AF-1E2B-4F87-839C-EC981EC5D69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9243F4-ADE8-4B7A-A195-EEAD41FF14EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAF169E-8466-43EF-A03D-D49256EB2C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.244:*:*:*:*:*:*:*",
"matchCriteriaId": "09125309-423D-4A4E-B7FB-37E4F531159B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*",
"matchCriteriaId": "15660D84-B392-457E-B433-9B9180A49B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.401:*:*:*:*:*:*:*",
"matchCriteriaId": "67DE14CA-5781-4F78-8562-DDD53C7CB7E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.402:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CB6D1A-E1A2-4E1C-9E02-24A192D72750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.413:*:*:*:*:*:*:*",
"matchCriteriaId": "40D0435F-F38D-42E2-AA34-F256B9D2B2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.416:*:*:*:*:*:*:*",
"matchCriteriaId": "25099018-E7E2-47A3-A57C-E2B106E75987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.419:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF049DF-9D3E-471A-958D-C760E8A894EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*",
"matchCriteriaId": "661E07A2-FB77-4411-95B3-BD0ED72DC6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.797:beta:*:*:*:*:*:*",
"matchCriteriaId": "0159CADA-CF93-4F4A-AC9D-D76D91B76AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.907:beta:*:*:*:*:*:*",
"matchCriteriaId": "982ECC94-686C-4965-8FBA-9D1F6F70213C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.922:beta:*:*:*:*:*:*",
"matchCriteriaId": "CBD43C5B-040D-4704-B049-3AC3DCE9C9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.1389:beta:*:*:*:*:*:*",
"matchCriteriaId": "6A0285E3-0D62-4870-96B8-20C7F3C00D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.1912:*:*:*:*:*:*:*",
"matchCriteriaId": "664D05A8-0EB0-48AE-9208-E66EA03B084E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2018:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F1C4DB-6A5F-4D35-AC17-218074419BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2034:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6ABACF-86B7-42B7-A15D-57EE6A765238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2112:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1C8908-D4C7-406D-AF03-E7406C480B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2123:*:*:*:*:*:*:*",
"matchCriteriaId": "24C8559C-9D77-4BB3-981C-D151CB014DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2128:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCAA3D-F88B-4081-A843-0BD6D78941C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2133:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE5D420-216B-41C0-9E56-798F992D0A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2136:*:*:*:*:*:*:*",
"matchCriteriaId": "A30A5955-F276-4C86-8286-02AD0BC3DF7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2152:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B990ED-2BAC-4093-A6CD-34F04C95E64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2160:*:*:*:*:*:*:*",
"matchCriteriaId": "C60DAAA0-032B-4D9C-83FF-26FFC278F270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2161:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1DBCAF-12A7-490C-BADF-8534B78E06CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:9.0.0.2162:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1FEC40-A9EA-44AF-9DF3-1F85E1DDE4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.331:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "5E582D93-A84A-4C12-AE2B-4B2B71681BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.525:beta:*:*:*:*:*:*",
"matchCriteriaId": "FE43B4C9-8C06-4CCF-8BC4-75C75EEAD425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.542:beta:*:*:*:*:*:*",
"matchCriteriaId": "41680B8B-2D8A-4583-9629-55833461AEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1102:*:*:*:*:*:*:*",
"matchCriteriaId": "4E921962-F4C1-4785-8E63-657F7C39E16F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1241:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFF7B20-BB90-4A8A-8E6D-C91BF9238B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1258:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5BBB19-F1B8-4432-B48D-E9BC52D55729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1264:*:*:*:*:*:*:*",
"matchCriteriaId": "93519572-6872-425A-81C3-52198B94CB88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1267:*:*:*:*:*:*:*",
"matchCriteriaId": "179796DF-BEB9-4611-8703-D959F1218C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:10.0.0.1270:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAE7084-6DC6-423B-AA69-9F8C65305D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.1751:*:*:*:*:*:*:*",
"matchCriteriaId": "27221A33-B95F-4FBE-B049-04CBA88B8CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.2009:*:*:*:*:*:*:*",
"matchCriteriaId": "CD59825D-5C68-4B5C-A46E-6DAB2F953502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:messenger:11.0.0.2014:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8234BC-4AC1-4A00-955B-D1F1467E11C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Un desbordamiento de entero en el m\u00e9todo CYImage::LoadJPG en YImage.dll en Yahoo! Messenger antes de v11.5.0.155, cuando la compartici\u00f3n fotos est\u00e1 activada, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen JPG modificada a mano que genera un desbordamiento de b\u00fafer basado en memoria din\u00e1mica(mont\u00edculo)."
}
],
"id": "CVE-2012-0268",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-19T15:55:00.990",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47041"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…