CVE-2007-1680

Опубликовано: 06 апр. 2007

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.

Ссылки

http://messenger.yahoo.com/security_update.php?id=031207
Patch
http://osvdb.org/34319
http://secunia.com/advisories/24742
Patch
Vendor Advisory
http://securityreason.com/securityalert/2523
http://www.kb.cert.org/vuls/id/388377
US Government Resource
http://www.securityfocus.com/archive/1/464607/100/0/threaded
http://www.securityfocus.com/bid/23291
Patch
Vendor Advisory
http://www.securitytracker.com/id?1017867
http://www.vupen.com/english/advisories/2007/1219
http://www.zerodayinitiative.com/advisories/ZDI-07-012.html
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33408
http://messenger.yahoo.com/security_update.php?id=031207
Patch
http://osvdb.org/34319
http://secunia.com/advisories/24742
Patch
Vendor Advisory
http://securityreason.com/securityalert/2523
http://www.kb.cert.org/vuls/id/388377
US Government Resource
http://www.securityfocus.com/archive/1/464607/100/0/threaded
http://www.securityfocus.com/bid/23291
Patch
Vendor Advisory
http://www.securitytracker.com/id?1017867
http://www.vupen.com/english/advisories/2007/1219

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*

cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*

cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*

cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.46104

Средний

9.3 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-ch35-phmj-pvmh

github

почти 4 года назад