Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5396

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5396
Last Modified 07 Mar 2011 10:00:37
Published 09 Nov 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5396

Summary

Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).

Vulnerable Systems

Application

  • Miranda-im Miranda Im 0.7.1


References

SECUNIA - 27402

VUPEN - ADV-2007-3823

BID - 26389

MISC - http://secunia.com/secunia_research/2007-89/advisory/

CONFIRM - http://miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l

XF - mirandaim-extyahoocontact-format-string(38362)


Last Updated: 27 May 2016 10:46:10