Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote malicious users to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yahoo messenger 8.1.0.421 |