|
|
>> Yahoo! Messenger Webcam Upload and Viewer ActiveX Controls Buffer Overflow
|
Title : Yahoo! Messenger Webcam Upload and Viewer ActiveX Controls Buffer Overflow
VUPEN ID : VUPEN/ADV-2007-2094
CVE ID : CVE-2007-3147 - CVE-2007-3148
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07
|
Two vulnerabilities have been identified in Yahoo! Messenger, which could be exploited by remote attackers to take complete control of an affected system.
The first issue is caused by a buffer overflow error in the Webcam Upload ActiveX control (ywcupl.dll) when processing an overly long "Server" property while calling the "Send()" method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
The second vulnerabilityy is caused by a buffer overflow error in the Webcam Viewer ActiveX control (ywcvwr.dll) when processing an overly long "Server" property while calling the "Receive()" method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Affected Products
Yahoo! Messenger version 8.1.0.249 and prior
Solution
Upgrade to Yahoo! Messenger version 8.1.0.401 :
http://messenger.yahoo.com/download.php
References
http://www.vupen.com/english/advisories/2007/2094
http://messenger.yahoo.com/security_update.php?id=060707
Credits
Vulnerabilities reported by Danny.
ChangeLog
2007-06-07 : Initial release
2007-06-07 : Updated Solution
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
