Info

Disclosure

Jun 08, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 08, 2007

Description

A buffer overflow exists in Yahoo! Messenger. The Webcam Upload ActiveX control fails to validate data passed to the 'send' method resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Yahoo! has released a patch to address this vulnerability.

Products

Yahoo! Inc.

Messenger

8.1.0.249

References

Security Tracker: 1018203 1018204
CVE ID: 2007-3147 (see also: NVD)
Bugtraq ID: 24341 24354
Secunia Advisory ID: 25547
SCIP VulDB ID: 3108
ISS X-Force ID: 34758
Related OSVDB ID: 37081
Metasploit ID: 37082
Milw0rm: 4042 4053
Exploit Database: 4042 4053
CERT VU: 949817
VUPEN Advisory: ADV-2007-2094
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0117.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0133.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0154.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html
Vendor Specific News/Changelog Entry: http://messenger.yahoo.com/security_update.php?id=060707
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20070608.html
http://research.eeye.com/html/advisories/upcoming/20070605.html
http://securityreason.com/securityalert/2809

Credit

Greg Linares -

Direct URL: http://osvdb.org/37082