Yahoo! Messenger CYFT FT60.DLL ActiveX Control GetFile Method Arbitrary File Upload Vulnerability
BID:25727
Info
| Bugtraq ID: | 25727 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5017 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 19 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Shinnai is credited with discovering this vulnerability. |
| Vulnerable: | Yahoo! Messenger 8.1.0.421 |
| Not Vulnerable: | |
Discussion
The Yahoo! Messenger CYFT ActiveX control (FT60.DLL) is prone to an arbitrary-file-upload vulnerability because its GetFile method fails to adequately sanitize user-supplied input.
Successfully exploiting this issue allows an attacker to write malicious files to an arbitrary location on a victim's computer. The write occurs with the privileges of the process hosting the ActiveX control (typically Internet Explorer), so whatever that user can write, the attacker can write.
Yahoo! Messenger 8.1.0.421 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage that instantiates the control.
UPDATE (August 11, 2008): Symantec has detected active exploit attempts in the wild.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
In the absence of a vendor patch, the control can be prevented from loading in Internet Explorer by setting its kill bit, as described in the Microsoft Knowledge Base article listed under References.
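The kill-bit workaround from Microsoft KB 240797, as an added example that is not part of the original advisory and not code from Yahoo!, Symantec or Shinnai. It assumes the control is registered with an InprocServer32 entry whose path ends in FT60.DLL (the file name the advisory gives); the CLSID is discovered from the registry rather than hard-coded, because the advisory does not list it. Run from an elevated PowerShell prompt.

```powershell
# Added example (not from the advisory): set the Internet Explorer kill bit for
# every COM class registered to FT60.DLL, using the Compatibility Flags value
# documented in Microsoft KB 240797. Run from an elevated prompt.
# Assumption: the control's InprocServer32 default value ends in "\FT60.DLL".
$dllName = 'FT60.DLL'

# Enumerate HKCR\CLSID and keep the classes whose in-process server is the DLL.
$clsids = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    Where-Object {
        $srv = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $srv -and ($srv -like "*\$dllName")
    } | ForEach-Object { $_.PSChildName }

if (-not $clsids) {
    Write-Warning "No CLSID registered to $dllName was found; nothing to do."
    return
}

# The kill bit lives under ActiveX Compatibility. 32-bit IE on 64-bit Windows
# reads the Wow6432Node copy, so both locations are written.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($clsid in $clsids) {
    foreach ($root in $roots) {
        $key = Join-Path $root $clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 0x400 is the kill bit: IE refuses to instantiate the control from a web page.
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value 0x400 -Type DWord
        Write-Output "Kill bit set: $key"
    }
}

# Verify: every targeted CLSID should now report Compatibility Flags = 0x400 (1024).
foreach ($clsid in $clsids) {
    $flags = (Get-ItemProperty -Path (Join-Path $roots[0] $clsid)).'Compatibility Flags'
    Write-Output ("{0} -> Compatibility Flags = 0x{1:X}" -f $clsid, $flags)
}
```

The kill bit only blocks instantiation from Internet Explorer and other hosts that honour the ActiveX Compatibility flags; it does not remove FT60.DLL or stop Yahoo! Messenger itself from using the control, so it is a mitigation for the browser attack path described above, not a fix.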
References
References:
- Microsoft Knowledge Base Article 240797: How to stop an ActiveX control from running in Internet Explorer (Microsoft)
- Yahoo! Messenger Homepage (Yahoo!)