Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-3147

Published: 11/06/2007 Updated: 16/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 945
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Yahoo

Vulnerability Summary

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote malicious users to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

yahoo messenger 8.1.0.249

yahoo messenger 8.0.1

yahoo messenger 8.0_2005.1.1.4

yahoo messenger 2.0.1.4

yahoo messenger 8.0

yahoo messenger 8.0.0.863

Exploits

Exploit DB: Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow
<html> <!-- 45 minutes of fuzzing! Great results! very relible, runs calcexe, replace with shellcode of your choice!!! link:wwwinformationweekcom/news/showArticlejhtml?articleID=199901856 maybe more vulz! Greetz to: str0ke and shinnai! --> <html> <object classid='clsid:DCE2F8B1-A520-11D4-8FD0-00D0B7730277' id='ta ...
Exploit DB: Yahoo! Messenger Webcam 8.1 - 'Ywcupl.dll' Download / Execute
/* Compile in LCC-win32 (Free!) Download and exec any file you like! Have Fun! */ #include <stdioh> #include <stringh> #include <stdlibh> char *file = "Click_herehtml"; FILE *fp = NULL; unsigned char sc[] = "\xEB\x54\x8B\x75\x3C\x8B\x74\x35\x78\x03\xF5\x56\x8B\x76\x20\x03" "\xF5\x33\xC9\x49\x41\xAD\x33\xDB\x36\x ...
Exploit DB: Yahoo! Messenger 8.1.0.249 - ActiveX Control Buffer Overflow (Metasploit)
## # $Id: yahoomessenger_serverrb 9525 2010-06-15 07:18:08Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

References

CWE-119http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.htmlhttp://research.eeye.com/html/advisories/published/AD20070608.htmlhttp://research.eeye.com/html/advisories/upcoming/20070605.htmlhttp://messenger.yahoo.com/security_update.php?id=060707http://www.kb.cert.org/vuls/id/949817http://www.securityfocus.com/bid/24354http://securitytracker.com/id?1018204http://secunia.com/advisories/25547http://www.securityfocus.com/bid/24341http://www.securitytracker.com/id?1018203http://securityreason.com/securityalert/2809http://www.vupen.com/english/advisories/2007/2094https://exchange.xforce.ibmcloud.com/vulnerabilities/34758https://www.exploit-db.com/exploits/4042http://www.securityfocus.com/archive/1/470861/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/4042/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook