Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
BID:24354
Info
Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 24354 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3147 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2007 12:00AM |
| Updated: | May 12 2015 07:49PM |
| Credit: | Danny <[email protected]> and eEye Digital Security independently discovered this vulnerability. |
| Vulnerable: |
Yahoo! Webcam ActiveX Control 2.0.1 .4 Yahoo! Messenger 8.0.1 Yahoo! Messenger 8.0 Yahoo! Messenger 8.0.0.863 Yahoo! Messenger 8.0 2005.1.1.4 |
| Not Vulnerable: |
Yahoo! Messenger 8.1 |
Discussion
Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
Yahoo! Messenger Webcam Upload ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to crash applications that use the affected control (typically Internet Explorer). Remote code execution may also be possible, but has not been confirmed.
Yahoo! Messenger 8.0.1 is vulnerable; other versions may also be affected.
Yahoo! Messenger Webcam Upload ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to crash applications that use the affected control (typically Internet Explorer). Remote code execution may also be possible, but has not been confirmed.
Yahoo! Messenger 8.0.1 is vulnerable; other versions may also be affected.
Exploit / POC
Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploits are available:
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploits are available:
Solution / Fix
Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining the appropriate updates.
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining the appropriate updates.
References
Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Yahoo! Messenger Homepage (Yahoo!)
- Yahoo! Webcam ActiveX Controls (Yahoo!)
- Yahoo! Webcam ActiveX Controls Multiple Buffer Overflows (eEye Digital Security)
- Vulnerability Note VU#949817 - Yahoo! Webcam image upload ActiveX control vulner (US-CERT)