CVE-2007-4391

Published: 17/08/2007 Updated: 29/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote malicious users to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.

Vulnerable Product

yahoo messenger 8.1.0.413

Exploits

Yahoo! Messenger 8.1.0.413 (webcam) Remote Crash Exploit

1. Compile the DLL.
2. Choose "invite to view my webcam" to a contact ID who is online using Yahoo! Messenger.
3. When the other side accepts the invitation, inject the DLL into the local Yahoo! Messenger 8.1.0.413's process.
4. The other side's Yahoo! Messenger will be crashed.

Exploit-DB Mirror: ...

source: www.securityfocus.com/bid/25330/info

Yahoo! Messenger is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Yahoo! Messenger 8.1.0; other versions may also be affected. github.com/offensive-securi ...