Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4515

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-4515
Last Modified 07 Mar 2011 09:58:42
Published 31 Aug 2007 06:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4515

Summary

Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Yahoo Messenger 8.1.0.413


References

SECUNIA - 26579

CONFIRM - http://messenger.yahoo.com/security_update.php?id=082907

IDEFENSE - 20070830 Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities

XF - yahoo-messenger-yverinfo-bo(36363)

VUPEN - ADV-2007-3011

BID - 25494

SECTRACK - 1018628

SREASON - 3083

OSVDB - 37739


Last Updated: 27 May 2016 10:45:53