Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5017

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5017
Last Modified 15 Nov 2008 01:59:24
Published 20 Sep 2007 05:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5017

Summary

Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.

Vulnerable Systems

Application

  • Yahoo Messenger 8.1.0.421


References

BID - 25727

MILW0RM - 4428

OSVDB - 38296

XF - yahoo-messenger-ft60-code-execution(36694)

MISC - http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html

SECTRACK - 1018715


Last Updated: 27 May 2016 10:46:02