9.3

CVE-2007-1680

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
YahooMessenger Version8.0
YahooMessenger Version8.0.0.863
YahooMessenger Version8.0_2005.1.1.4
YahooMessenger Version8.1.0.209
YahooMessenger Version8.1.0.239
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.38% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://messenger.yahoo.com/security_update.php?id=031207
Patch
http://osvdb.org/34319
http://secunia.com/advisories/24742
Patch
Vendor Advisory
http://securityreason.com/securityalert/2523
http://www.kb.cert.org/vuls/id/388377
US Government Resource
http://www.securityfocus.com/archive/1/464607/100/0/threaded
http://www.securityfocus.com/bid/23291
Patch
Vendor Advisory
http://www.securitytracker.com/id?1017867
http://www.vupen.com/english/advisories/2007/1219
http://www.zerodayinitiative.com/advisories/ZDI-07-012.html
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33408