9.3

CVE-2007-1680

EPSS 45.23%
Veröffentlicht 06.04.2007 01:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yahoo ≫ Messenger Version8.0

Yahoo ≫ Messenger Version8.0.0.863

Yahoo ≫ Messenger Version8.0_2005.1.1.4

Yahoo ≫ Messenger Version8.1.0.209

Yahoo ≫ Messenger Version8.1.0.239

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	45.23%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://messenger.yahoo.com/security_update.php?id=031207

Patch

http://osvdb.org/34319

http://secunia.com/advisories/24742

Patch

Vendor Advisory

http://securityreason.com/securityalert/2523

http://www.kb.cert.org/vuls/id/388377

US Government Resource

http://www.securityfocus.com/archive/1/464607/100/0/threaded

http://www.securityfocus.com/bid/23291

Patch

Vendor Advisory

http://www.securitytracker.com/id?1017867

http://www.vupen.com/english/advisories/2007/1219

http://www.zerodayinitiative.com/advisories/ZDI-07-012.html

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33408

https://nvd.nist.gov/vuln/detail/CVE-2007-1680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1680

EUVD