|
|
|
|
| |
Credit:
The information has been provided by Peter Vreugdenhil.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-012.html
|
| |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Yahoo Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists within the ActiveX control Yahoo.AudioConf:
DLL: yacscom.dll
CLSID: 85A4A99C-8C3D-499E-A386-E0743DFF8FB7
When large values are specified for the 'socksHostname' and 'hostname' properties, and the createAndJoinConference() method is called, a stack overflow occurs. Exploitation can result in code execution under the context of the current user.
Vendor Response:
Yahoo has issued an update to correct this vulnerability. More details can be found at:
http://messenger.yahoo.com/security_update.php?id=031207
Disclosure Timeline:
2006.10.27 - Vulnerability reported to vendor
2006.11.10 - Digital Vaccine released to TippingPoint customers
2007.04.03 - Coordinated public release of advisory
CVE Information:
CVE-2007-1680
|
|
|
|
|
