Added: 04/12/2007
CVE: CVE-2007-1680
BID: 23291
OSVDB: 34319
Yahoo! Messenger is an instant messaging application. It includes the AudioConf ActiveX control, which is provided by **yacscom.dll**.
A buffer overflow vulnerability in the AudioConf ActiveX control allows command execution when the **createAndJoinConference** method is called with a long **socksHostname** or **hostname** parameter.
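For triage of saved web content, the following added example (not part of the advisory or of any vendor tooling) flags calls to **createAndJoinConference** in page source. The advisory does not give the argument positions of **socksHostname** and **hostname**, so every argument is checked; the 256-character threshold and the sample page are assumptions constructed for illustration.

```python
import re

METHOD = "createAndJoinConference"  # method named in the advisory
MAX_LITERAL = 256                   # assumed review threshold, not from the advisory
STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)

def split_args(src, start):  # src[start] is the "(" that opens the call
    args, cur, depth, i = [], "", 0, start
    while i < len(src):
        lit = STRING.match(src, i)
        if lit:                          # copy a whole string literal at once
            cur, i = cur + lit.group(), lit.end()
            continue
        ch = src[i]
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:               # closing paren of the call itself
                break
        if ch == "," and depth == 1:     # top-level argument separator
            args.append(cur.strip())
            cur = ""
        elif not (ch == "(" and depth == 1 and i == start):
            cur += ch
        i += 1
    return args + ([cur.strip()] if cur.strip() else [])

def scan(page):  # returns (line_no, verdict, detail) per call to METHOD
    findings = []
    for m in re.finditer(re.escape(METHOD) + r"\s*\(", page):
        verdict, detail = "short-literals", ""
        for n, arg in enumerate(split_args(page, m.end() - 1)):
            if STRING.fullmatch(arg):
                if len(arg) - 2 > MAX_LITERAL:
                    verdict, detail = "oversized-literal", f"arg {n}: {len(arg) - 2} chars"
                    break
            elif not re.fullmatch(r"-?\d+|true|false|null", arg) and verdict == "short-literals":
                verdict, detail = "dynamic-arg", f"arg {n}: {arg[:40]}"  # size unknown statically
        findings.append((page.count("\n", 0, m.start()) + 1, verdict, detail))
    return findings

# Constructed sample page; the argument order and count are made up.
SAMPLE = ('<script>\nconf.createAndJoinConference("room1", "proxy.example", 1080);\n'
          'conf.createAndJoinConference("room1", "' + "A" * 1000 + '", 1080);\n'
          "conf.createAndJoinConference(roomName, hostFromQuery, 1080);\n</script>")

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A `dynamic-arg` verdict means the argument length cannot be judged from the source alone, so the page needs manual review; static matching of this kind does not replace installing the vendor update.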
Download the latest version of Yahoo! Messenger.
<http://messenger.yahoo.com/security_update.php?id=031207>
<http://www.zerodayinitiative.com/advisories/ZDI-07-012.html>
<http://www.kb.cert.org/vuls/id/388377>
The exploit works with Yahoo! Messenger 8.1.0.195 and requires a user to load the exploit page.
Windows