Yahoo! Messenger File Transfer Denial Of Service Vulnerability

Bugtraq ID:	25484
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4635
Remote:	Yes
Local:	No
Published:	Aug 29 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	SlicK is credited with the discovery of this issue.
Vulnerable:	Yahoo! Messenger 8.1 .402 Yahoo! Messenger 8.1.0.209
Not Vulnerable:

Yahoo! Messenger File Transfer Denial Of Service Vulnerability

Yahoo! Messenger is prone to a denial-of-service vulnerability because it fails to handle certain file-transfer packets.

Attackers can exploit this issue to crash the application, causing denial-of-service conditions.

NOTE: This issue is reportedly caused by a buffer-overflow issue, but this has not been confirmed.

Yahoo! Messenger 8.1.0.209 and 8.1.0.402 are vulnerable; other versions may also be affected.

Yahoo! Messenger File Transfer Denial Of Service Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/25484-ym8bug.rar

Yahoo! Messenger File Transfer Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Yahoo! Messenger File Transfer Denial Of Service Vulnerability

References:

• Yahoo! Instant Messenger Homepage (Yahoo!)