CVE-2007-1680

2007-04-0601:19:00

[email protected]

web.nvd.nist.gov

cve

buffer overflow

yahoo messenger

audioconf

activex control

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.672 Medium

EPSS

Percentile

98.0%

JSON

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.

Affected configurations

NVD

Node

yahoomessengerMatch8.0

yahoomessengerMatch8.0.0.863

yahoomessengerMatch8.0_2005.1.1.4

yahoomessengerMatch8.1.0.209

yahoomessengerMatch8.1.0.239

CPENameOperatorVersion
yahoo:messengeryahoo messengereq8.0
yahoo:messengeryahoo messengereq8.0.0.863
yahoo:messengeryahoo messengereq8.0_2005.1.1.4
yahoo:messengeryahoo messengereq8.1.0.209
yahoo:messengeryahoo messengereq8.1.0.239

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	eq	8.0
yahoo:messenger	yahoo messenger	eq	8.0.0.863
yahoo:messenger	yahoo messenger	eq	8.0_2005.1.1.4
yahoo:messenger	yahoo messenger	eq	8.1.0.209
yahoo:messenger	yahoo messenger	eq	8.1.0.239