Yahoo

Messenger

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2007-3147

Exploit
  • EPSS 58.21%
  • Published 11.06.2007 18:30:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are o...

9.3

CVE-2007-1680

  • EPSS 45.23%
  • Published 06.04.2007 01:19:00
  • Last modified 09.04.2025 00:30:58

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname prope...

5

CVE-2007-0868

  • EPSS 0.63%
  • Published 09.02.2007 19:28:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obt...

4.3

CVE-2007-0768

  • EPSS 0.69%
  • Published 06.02.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute ...

9.3

CVE-2006-6603

  • EPSS 8%
  • Published 15.12.2006 22:28:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information...

5

CVE-2006-5563

  • EPSS 1.22%
  • Published 27.10.2006 16:07:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this in...

2.6

CVE-2006-4975

Exploit
  • EPSS 0.32%
  • Published 25.09.2006 01:07:00
  • Last modified 03.04.2025 01:03:51

Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.

5

CVE-2006-3298

Exploit
  • EPSS 4.91%
  • Published 29.06.2006 01:05:00
  • Last modified 03.04.2025 01:03:51

Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.

2.1

CVE-2005-1671

  • EPSS 0.03%
  • Published 19.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, ...

5

CVE-2005-1618

  • EPSS 4.46%
  • Published 16.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a c...