Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-3148

Published: 11/06/2007 Updated: 16/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Messenger

Vulnerability Summary

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote malicious users to execute arbitrary code via a long server property value to the receive method.

Vulnerable Product Search on Vulmon Subscribe to Product

yahoo messenger 8.0_2005.1.1.4

yahoo messenger 8.1.0.249

yahoo messenger 2.0.1.4

yahoo messenger 8.0

yahoo messenger 8.0.0.863

yahoo messenger 8.0.1

Exploits

Exploit DB: Yahoo! Messenger Webcam 8.1 - 'Ywcvwr.dll' Download / Execute
/* Compile in LCC-win32 (Free!) Download and exec any file you like! Have Fun! */ #include <stdioh> #include <stringh> #include <stdlibh> char *file = "Click_herehtml"; FILE *fp = NULL; unsigned char sc[] = "\xEB\x54\x8B\x75\x3C\x8B\x74\x35\x78\x03\xF5\x56\x8B\x76\x20\x03" "\xF5\x33\xC9\x49\x41\xAD\x33\xD ...
Exploit DB: Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow (2)
This affects the viewer ywcvwrdll with yahoo messenger latest version tested Fixed bug in last post (x=0;xi<800;x++) should be (x=0; x<800; x++) Here is your 2nd 0day!!! link:wwwinformationweekcom/news/showArticlejhtml?articleID=199901856 <html> <object classid='clsid:9D39223E-AE8E-11D4-8FD3-00D0B7730 ...

References

CWE-119http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.htmlhttp://research.eeye.com/html/advisories/published/AD20070608.htmlhttp://research.eeye.com/html/advisories/upcoming/20070605.htmlhttp://messenger.yahoo.com/security_update.php?id=060707http://www.kb.cert.org/vuls/id/932217http://www.securityfocus.com/bid/24355http://securitytracker.com/id?1018204http://secunia.com/advisories/25547http://www.securityfocus.com/bid/24341http://www.securitytracker.com/id?1018203http://www.vupen.com/english/advisories/2007/2094http://osvdb.org/37081https://exchange.xforce.ibmcloud.com/vulnerabilities/34759https://www.exploit-db.com/exploits/4043http://www.securityfocus.com/archive/1/470861/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/4052/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook