Описание
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06732
Низкий
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
EPSS
Процентиль: 91%
0.06732
Низкий
5 Medium
CVSS2
Дефекты
CWE-22