CVE-2007-3147

2007-06-1118:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2007-3147

buffer overflow

yahoo! messenger

activex control

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.95

Percentile

99.3%

JSON

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

yahoomessengerMatch2.0.1.4

yahoomessengerMatch8.0

yahoomessengerMatch8.0.0.863

yahoomessengerMatch8.0.1

yahoomessengerMatch8.0_2005.1.1.4

yahoomessengerMatch8.1.0.249

VendorProductVersionCPE
yahoomessenger2.0.1.4cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*
yahoomessenger8.0cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*
yahoomessenger8.0.0.863cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*
yahoomessenger8.0.1cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*
yahoomessenger8.0_2005.1.1.4cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*
yahoomessenger8.1.0.249cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yahoo	messenger	2.0.1.4	cpe:2.3:a:yahoo:messenger:2.0.1.4:::::::*
yahoo	messenger	8.0	cpe:2.3:a:yahoo:messenger:8.0:::::::*
yahoo	messenger	8.0.0.863	cpe:2.3:a:yahoo:messenger:8.0.0.863:::::::*
yahoo	messenger	8.0.1	cpe:2.3:a:yahoo:messenger:8.0.1:::::::*
yahoo	messenger	8.0_2005.1.1.4	cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:::::::*
yahoo	messenger	8.1.0.249	cpe:2.3:a:yahoo:messenger:8.1.0.249:::::::*