CVE-2005-0243

2005-02-1805:00:00

[email protected]

web.nvd.nist.gov

yahoo messenger

file dialog

remote code execution

cve-2005-0243

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.

Affected configurations

NVD

Node

yahoomessengerMatch5.5

yahoomessengerMatch5.6

yahoomessengerMatch5.6.0.1351

yahoomessengerMatch6.0

yahoomessengerMatch6.0.0.1750

CPENameOperatorVersion
yahoo:messengeryahoo messengereq5.5
yahoo:messengeryahoo messengereq5.6
yahoo:messengeryahoo messengereq5.6.0.1351
yahoo:messengeryahoo messengereq6.0
yahoo:messengeryahoo messengereq6.0.0.1750

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	eq	5.5
yahoo:messenger	yahoo messenger	eq	5.6
yahoo:messenger	yahoo messenger	eq	5.6.0.1351
yahoo:messenger	yahoo messenger	eq	6.0
yahoo:messenger	yahoo messenger	eq	6.0.0.1750