Lucene search

[email protected]CVE-2005-0242

HistoryFeb 18, 2005 - 5:00 a.m.

CVE-2005-0242

2005-02-1805:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0242

yahoo! messenger

audio setup wizard

asw.dll

nvd

vulnerability

ping.exe

arbitrary code

weak default permissions

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.

Affected configurations

NVD

Node

yahoomessengerMatch5.5

yahoomessengerMatch5.6

yahoomessengerMatch5.6.0.1351

yahoomessengerMatch6.0

yahoomessengerMatch6.0.0.1750

CPENameOperatorVersion
yahoo:messengeryahoo messengereq5.5
yahoo:messengeryahoo messengereq5.6
yahoo:messengeryahoo messengereq5.6.0.1351
yahoo:messengeryahoo messengereq6.0
yahoo:messengeryahoo messengereq6.0.0.1750

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	eq	5.5
yahoo:messenger	yahoo messenger	eq	5.6
yahoo:messenger	yahoo messenger	eq	5.6.0.1351
yahoo:messenger	yahoo messenger	eq	6.0
yahoo:messenger	yahoo messenger	eq	6.0.0.1750

References

messenger.yahoo.com/security/update6.html

secunia.com/advisories/11815

secunia.com/secunia_research/2004-6/advisory/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2005-0242

securityvulns1 nvd1 cvelist1