Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
BID:24184
Info
Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
| Bugtraq ID: | 24184 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2007 12:00AM |
| Updated: | May 28 2007 10:21PM |
| Credit: | Dr.Pantagon is credited with the discovery of this issue. |
| Vulnerable: |
Yahoo! Messenger 8.0.1 |
| Not Vulnerable: | |
Discussion
Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
Yahoo! Messenger Webcam Viewer Networking and Imaging ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to crash applications that use the affected control (typically Internet Explorer). Remote code execution may also be possible, but has not been confirmed.
Yahoo! Messenger 8.0.1 is vulnerable; other versions may also be affected.
Yahoo! Messenger Webcam Viewer Networking and Imaging ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to crash applications that use the affected control (typically Internet Explorer). Remote code execution may also be possible, but has not been confirmed.
Yahoo! Messenger 8.0.1 is vulnerable; other versions may also be affected.
Exploit / POC
Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
Solution / Fix
Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Yahoo! Messenger Webcam Viewer YWCVWR.DLL ActiveX Control Denial of Service Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Yahoo! Messenger Homepage (Yahoo!)