Secunia Advisory: SA26579
Release Date: 2007-08-30
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: Yahoo! Messenger 8.x
CVE reference: CVE-2007-4515 (Secunia mirror)
Description:
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the YVerInfo.dll ActiveX control and can be exploited to cause a buffer overflow e.g. when a user is tricked into viewing a malicious web page.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in YVerInfo.dll versions prior to 2007.8.27.1 included in Yahoo! Messenger downloaded before 2007-08-29.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to version 8.1.0.419.
http://messenger.yahoo.com/download.php
Bollettino Secunia
Release Date: 2007-08-30
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: Yahoo! Messenger 8.x
CVE reference: CVE-2007-4515 (Secunia mirror)
Description:
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the YVerInfo.dll ActiveX control and can be exploited to cause a buffer overflow e.g. when a user is tricked into viewing a malicious web page.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in YVerInfo.dll versions prior to 2007.8.27.1 included in Yahoo! Messenger downloaded before 2007-08-29.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to version 8.1.0.419.
http://messenger.yahoo.com/download.php
Bollettino Secunia