Yahoo! Messenger Audio Conferencing ActiveX Control Remote Buffer Overflow Vulnerability
BID:23291
Info
| Bugtraq ID: | 23291 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1680 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2007 12:00AM |
| Updated: | Apr 10 2007 03:51PM |
| Credit: | Peter Vreugdenhil reported this vulnerability to iDefense Labs. |
| Vulnerable: | Yahoo! Messenger 8.0; Yahoo! Messenger 8.1.0.239; Yahoo! Messenger 8.1.0.209; Yahoo! Messenger 8.0.0.863; Yahoo! Messenger 8.0 2005.1.1.4 |
| Not Vulnerable: | |
Discussion
The Audio Conferencing ActiveX control shipped with Yahoo! Messenger is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.
Yahoo! Messenger versions released prior to March 13, 2007 are vulnerable to this issue.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released software updates to address this issue. Yahoo! Messenger versions that were obtained after March 13, 2007 are not vulnerable to this issue.
When users of the affected software sign into the Yahoo! service, they should be automatically prompted to install the fixes. Please see the references for more information.
References