header-logo
Suggest Exploit
vendor:
Yahoo! Messenger
by:
Not specified
7.5
CVSS
HIGH
Buffer Overrun
120
CWE
Product Name: Yahoo! Messenger
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Metasploit:
Other Scripts:
Platforms Tested: Not specified
Not specified

Yahoo! Messenger File Transfer Buffer Overrun Vulnerability

Yahoo! Messenger is prone to a remotely exploitable buffer overrun vulnerability. An attacker may trigger this condition by initiating a malformed 'sendfile' request, which the victim user must then accept. This will reportedly result in an access violation error, which is likely due to memory corruption. An attacker may theoretically exploit this condition to execute arbitrary code on a client system. This condition can be exploited via a malicious 'sendfile' link.

Mitigation:

Not specified
Source

Exploit-DB raw data:

source: Yahoo! Messenger File Transfer Buffer Overrun Vulnerability

Yahoo! Messenger is prone to a remotely exploitable buffer overrun vulnerability. An attacker may trigger this condition by initiating a malformed 'sendfile' request, which the victim user must then accept. This will reportedly result in an access violation error, which is likely due to memory corruption.

An attacker may theoretically exploit this condition to execute arbitrary code on a client system. This condition can be exploited via a malicious 'sendfile' link. 

YMSGR:sendfile?[victim_yahooID]+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&c%c:\[somefile]

Navigation

Suggest Exploit

Services By CQR