CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
76.3%
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Vendor | Product | Version | CPE |
---|---|---|---|
yahoo | messenger | * | cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:* |
yahoo | messenger | 0.99.17-1 | cpe:2.3:a:yahoo:messenger:0.99.17-1:*:*:*:*:*:*:* |
yahoo | messenger | 1.0 | cpe:2.3:a:yahoo:messenger:1.0:*:*:*:*:*:*:* |
yahoo | messenger | 1.0.4 | cpe:2.3:a:yahoo:messenger:1.0.4:*:*:*:*:*:*:* |
yahoo | messenger | 1.0.6 | cpe:2.3:a:yahoo:messenger:1.0.6:*:*:*:*:*:*:* |
yahoo | messenger | 2.0.1.4 | cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:* |
yahoo | messenger | 3.0 | cpe:2.3:a:yahoo:messenger:3.0:*:*:*:*:*:*:* |
yahoo | messenger | 3.0.1 | cpe:2.3:a:yahoo:messenger:3.0.1:*:*:*:*:*:*:* |
yahoo | messenger | 3.0.1 | cpe:2.3:a:yahoo:messenger:3.0.1:beta-35554:*:*:*:*:*:* |
yahoo | messenger | 3.5 | cpe:2.3:a:yahoo:messenger:3.5:*:*:*:*:*:*:* |