|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2906 CVE : CVE-2007-3928 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Rajesh Sethumadhavan Published : 23.07.2007
Advisory Content : Yahoo Messenger 8.1 Address Book Buffer Overflow ##################################################################### XDisclose Advisory : XD100002 Vulnerability Discovered : 10 April 2007 Advisory Released : 17 July 2007 Credit : Rajesh Sethumadhavan Class : Buffer OverFlow Denial Of Service Solution Status : Unpatched Vendor : Yahoo Inc Vendor Website : http://www.yahoo.com Affected applications : Yahoo Messenger 8.1 and prior ##################################################################### Overview: Yahoo! Inc. is an American computer services company with a mission to "be the most essential global Internet service for consumers and businesses". It operates an Internet portal, including the popular Yahoo! Mail and Yahoo Messenger. According to Web trends Yahoo! is the most visited website on the Internet today with more than 400 million unique users. The global network of Yahoo! websites received 3.4 billion page views per day on average as of October 2005. Description: Yahoo! Messenger is a widely used communicating program over the Internet. A buffer overflow vulnerability is discovered in the Yahoo! Messenger for Microsoft Windows. Buffer overflow occurs when Yahoo! Messenger loads a specially crafted address book entry. POC: -Create a address book entry using yahoo portal with large amount of 'a' in "email address" textbox. -Login to yahoo messenger -Go to address book tab in yahoo messenger -Place your mouse over the specially crafted address book entry -Yahoo messenger will immediately crash Exploitation Method: -Send an address book to the victim with specially crafted address -Social engineer the victim to place mouse over the imported address Screenshot: http://www.xdisclose.com/images/yahooaddressbof.jpg Impact: Successful exploitation may allows execution of arbitrary code with Privilege of currently log users. Original Advisory: http://www.xdisclose.com/advisory/XD100002.html Credits: Rajesh Sethumadhavan has been credited with the discovery of this vulnerability --------------------------------- Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070716/206 30db6/attachment.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |