Lucene search

[email protected]CVE-2007-4391

HistoryAug 17, 2007 - 10:17 p.m.

CVE-2007-4391

2007-08-1722:17:00

CWE-119

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-4391

kakadu

buffer overflow

denial of service

yahoo! messenger

jpeg2000

remote attackers

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.078 Low

EPSS

Percentile

94.3%

JSON

Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an “invite to view my webcam” request, and then injecting a DLL into the attacker’s peer Yahoo! Messenger application when this request is accepted.

Affected configurations

NVD

Node

yahoomessengerMatch8.1.0.413

CPENameOperatorVersion
yahoo:messengeryahoo messengereq8.1.0.413

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	eq	8.1.0.413

References

osvdb.org/38221

secunia.com/advisories/26501

www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/

www.kb.cert.org/vuls/id/515968

www.securityfocus.com/bid/25330

www.securitytracker.com/id?1018586

www.team509.com/expyahoo.rar

www.vupen.com/english/advisories/2007/2917

exchange.xforce.ibmcloud.com/vulnerabilities/36115

www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.078 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2007-4391

nessus1 cvelist1 cert1 nvd1 prion1