CVE Vulnerabilities

CVE-2007-1680

Published: Apr 06, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.

Affected Software

Name Vendor Start Version End Version
Messenger Yahoo 8.0 (including) 8.0 (including)
Messenger Yahoo 8.0.0.863 (including) 8.0.0.863 (including)
Messenger Yahoo 8.0_2005.1.1.4 (including) 8.0_2005.1.1.4 (including)
Messenger Yahoo 8.1.0.209 (including) 8.1.0.209 (including)
Messenger Yahoo 8.1.0.239 (including) 8.1.0.239 (including)

References