Info

Disclosure

Feb 21, 2002

Discovery

Feb 21, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

Yahoo Messenger contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a message and the victim responds to the malicious message occurs, which will disclose victim's IP address information resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Yahoo Inc. has released a patch to address this vulnerability.

Products

Yahoo! Inc.

Messenger

5.0

References

ISS X-Force ID: 10639
CVE ID: 2002-1664 (see also: NVD)
Bugtraq ID: 4163
Related OSVDB ID: 6866 6867 6868
CERT: CA-2002-16
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0246.html
Packet Storm: http://packetstormsecurity.org/advisories/misc/yahoo-im.txt

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/6869