CVE-2002-2361

2007-10-2919:00:00

mitre

www.cve.org

yahoo messenger

installer

signature verification

vulnerability

dns spoofing

trojan programs

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

73.4%

JSON

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

References

cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html

www.iss.net/security_center/static/9984.php

www.securityfocus.com/bid/5579