Lucene search

[email protected]CVE-2008-2111

HistoryMay 07, 2008 - 11:20 p.m.

CVE-2008-2111

2008-05-0723:20:00

CWE-399

[email protected]

web.nvd.nist.gov

yahoo! assistant

activex control

remote code execution

cve-2008-2111

memory corruption

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.071 Low

EPSS

Percentile

94.0%

JSON

The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.

Affected configurations

NVD

Node

yahooyahoo_assistantRange≤3.6

CPENameOperatorVersion
yahoo:yahoo_assistantyahoo yahoo assistantle3.6

CPE	Name	Operator	Version
yahoo:yahoo_assistant	yahoo yahoo assistant	le	3.6

References

secunia.com/advisories/30115

secway.org/advisory/AD20080506EN.txt

www.securityfocus.com/bid/29065

www.securitytracker.com/id?1020004

www.vupen.com/english/advisories/2008/1471/references

exchange.xforce.ibmcloud.com/vulnerabilities/42233

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.071 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2008-2111

prion1 cvelist1 nvd1