Published: 31/08/2007 Updated: 29/07/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in a certain ActiveX control in YVerInfo.dll prior to 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger prior to 8.1.0.419 allows remote malicious users to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yahoo messenger

<!-- Yahoo! Messenger (YVerInfodll <= 20078271) ActiveX Control Buffer Overflows update YM : messengeryahoocom/security_updatephp?id=082907 Functions : fvcom or info; RegKey Safe for Script: True RegKey Safe for Init: True -> that functions are safely scriptable and exploitable by HeapSpray Technique Tested : Windows XP P ...

## # $Id: yahoomessenger_fvcomrb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' c ...

CWE-119 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591 http://messenger.yahoo.com/security_update.php?id=082907 http://secunia.com/advisories/26579 http://www.securityfocus.com/bid/25494 http://securitytracker.com/id?1018628 http://securityreason.com/securityalert/3083 http://osvdb.org/37739 http://www.vupen.com/english/advisories/2007/3011 https://exchange.xforce.ibmcloud.com/vulnerabilities/36363 https://nvd.nist.gov https://www.exploit-db.com/exploits/4351/

CVE-2007-4515

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect