Info

Disclosure

Jun 08, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 08, 2007

Description

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 2.0.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1018203 1018204
CVE ID: 2007-3148 (see also: NVD)
Bugtraq ID: 24341 24355
Secunia Advisory ID: 25547
SCIP VulDB ID: 3108
ISS X-Force ID: 34759
Related OSVDB ID: 37082
Milw0rm: 4043
Exploit Database: 4043
CERT VU: 932217
VUPEN Advisory: ADV-2007-2094
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0117.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0133.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0154.html
Vendor Specific News/Changelog Entry: http://messenger.yahoo.com/security_update.php?id=060707
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20070608.html
http://research.eeye.com/html/advisories/upcoming/20070605.html
Generic Exploit URL: http://www.saintcorporation.com
http://www.saintcorporation.com/cgi-bin/exploit_info/yahoo_messenger_webcam

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/37081