9.3

CVE-2007-1680

EPSS 45.23%
Published 06.04.2007 01:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Yahoo ≫ Messenger Version8.0

Yahoo ≫ Messenger Version8.0.0.863

Yahoo ≫ Messenger Version8.0_2005.1.1.4

Yahoo ≫ Messenger Version8.1.0.209

Yahoo ≫ Messenger Version8.1.0.239

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	45.23%	0.975

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://messenger.yahoo.com/security_update.php?id=031207

Patch

http://osvdb.org/34319

http://secunia.com/advisories/24742

Patch

Vendor Advisory

http://securityreason.com/securityalert/2523

http://www.kb.cert.org/vuls/id/388377

US Government Resource

http://www.securityfocus.com/archive/1/464607/100/0/threaded

http://www.securityfocus.com/bid/23291

Patch

Vendor Advisory

http://www.securitytracker.com/id?1017867

http://www.vupen.com/english/advisories/2007/1219

http://www.zerodayinitiative.com/advisories/ZDI-07-012.html

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33408

https://nvd.nist.gov/vuln/detail/CVE-2007-1680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1680

EUVD