Yahoo! Messenger Local Insecure Default Installation Vulnerability
BID:12585
Info
Yahoo! Messenger Local Insecure Default Installation Vulnerability
| Bugtraq ID: | 12585 |
| Class: | Configuration Error |
| CVE: |
CVE-2005-0242 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 18 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Carsten Eiram is credited with the discovery of this issue. |
| Vulnerable: |
Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 |
| Not Vulnerable: |
Yahoo! Messenger 6.0 .0.1921 |
Discussion
Yahoo! Messenger Local Insecure Default Installation Vulnerability
A local insecure default installation vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to properly secure directories and executables when installation takes place.
A local attacker may leverage this issue to have arbitrary code executed with the privileges of an unsuspecting user; this may facilitate privileges escalation.
A local insecure default installation vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to properly secure directories and executables when installation takes place.
A local attacker may leverage this issue to have arbitrary code executed with the privileges of an unsuspecting user; this may facilitate privileges escalation.
Exploit / POC
Yahoo! Messenger Local Insecure Default Installation Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Yahoo! Messenger Local Insecure Default Installation Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue.
Yahoo! Messenger 5.0 .1065
Yahoo! Messenger 5.0 .1046
Yahoo! Messenger 5.0
Yahoo! Messenger 5.0 .1232
Yahoo! Messenger 5.5
Yahoo! Messenger 5.5 .1249
Yahoo! Messenger 5.6 .0.1358
Yahoo! Messenger 5.6
Yahoo! Messenger 5.6 .0.1347
Yahoo! Messenger 5.6 .0.1351
Yahoo! Messenger 5.6 .0.1356
Yahoo! Messenger 5.6 .0.1355
Yahoo! Messenger 6.0 .0.1643
Yahoo! Messenger 6.0
Yahoo! Messenger 6.0 .0.1750
Solution:
The vendor has released an upgrade dealing with this issue.
Yahoo! Messenger 5.0 .1065
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.0 .1046
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.0
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.0 .1232
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.5
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.5 .1249
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.6 .0.1358
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.6
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.6 .0.1347
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.6 .0.1351
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.6 .0.1356
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 5.6 .0.1355
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 6.0 .0.1643
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 6.0
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
Yahoo! Messenger 6.0 .0.1750
-
Yahoo! Messenger 6.0 Build 1921
http://messenger.yahoo.com/
References
Yahoo! Messenger Local Insecure Default Installation Vulnerability
References:
References:
- Yahoo! Messenger Audio Setup Wizard Privilege Escalation (Secunia)
- Yahoo! Messenger Homepage (Yahoo!)
- Yahoo! Messenger Security Updates (Yahoo!)