Lucene search

[email protected]CVE-2014-7216

HistorySep 11, 2015 - 8:59 p.m.

CVE-2014-7216

2015-09-1120:59:00

CWE-119

[email protected]

web.nvd.nist.gov

nvd

cve-2014-7216

yahoo! messenger

buffer overflows

denial of service

remote attackers

arbitrary code

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.

Affected configurations

NVD

Node

yahoomessengerRange≤11.5.0.228

CPENameOperatorVersion
yahoo:messengeryahoo messengerle11.5.0.228

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	le	11.5.0.228

References

packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html

seclists.org/fulldisclosure/2015/Sep/24

www.securityfocus.com/archive/1/536390/100/0/threaded

www.securitytracker.com/id/1033544

hackerone.com/reports/10767

www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2014-7216

seebug1 zdt1 kaspersky1 cvelist1 prion1 nvd1 hackerone1