Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
BID:25086
Info
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 25086 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4034 CVE-2008-4034 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 27 2007 12:00AM |
| Updated: | Jul 05 2016 09:38PM |
| Credit: | Parvez Anwar is credited with discovering this issue. |
| Vulnerable: |
Yahoo! Widgets Engine 4.0.3 Build 178 |
| Not Vulnerable: |
Yahoo! Widgets Engine 4.0.5 |
Discussion
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
Yahoo! Widgets Engine is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Yahoo! Widgets Engine 4.0.3 (build 178) is reported vulnerable; other versions may be affected as well.
Yahoo! Widgets Engine is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Yahoo! Widgets Engine 4.0.3 (build 178) is reported vulnerable; other versions may be affected as well.
Exploit / POC
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
This issue may be triggered using a browser.
A new version of the IcePack exploit is exploiting this issue.
The following exploit is available:
This issue may be triggered using a browser.
A new version of the IcePack exploit is exploiting this issue.
The following exploit is available:
Solution / Fix
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
Solution:
Yahoo! has released an update that addresses this issue. Please see the vendor references for details.
Yahoo! Widgets Engine 4.0.3 Build 178
Solution:
Yahoo! has released an update that addresses this issue. Please see the vendor references for details.
Yahoo! Widgets Engine 4.0.3 Build 178
-
Yahoo! Yahoo! Widgets 4.0.5
http://widgets.yahoo.com/gallery/dl_item.php?item=YahooWidgets.exe
References
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
References:
References:
- Microsoft Support Document 240797 (Microsoft)
- Saturday, September 08, 2007 A new exploit this weekend (Roger Thompson)
- Yahoo! Update to version 4.0.5 (Yahoo!)