CVE Vulnerability

CVE-2007-4515

Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591 Patch Vendor Advisory
http://messenger.yahoo.com/security_update.php?id=082907 Patch
http://secunia.com/advisories/26579 Patch Vendor Advisory
http://www.securityfocus.com/bid/25494
http://securitytracker.com/id?1018628
http://securityreason.com/securityalert/3083
http://osvdb.org/37739
http://www.vupen.com/english/advisories/2007/3011
https://exchange.xforce.ibmcloud.com/vulnerabilities/36363
Configurations

Configuration 1

cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*
Information

Published : 2007-08-31 10:17

Updated : 2017-07-29 01:32

NVD link : CVE-2007-4515

Mitre link : CVE-2007-4515

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer