Yahoo! Messenger address book buffer overflow
| yahoo-messenger-address-book-bo (35434) |  High Risk |
Description:
Yahoo! Messenger is vulnerable to a buffer overflow. By persuading a victim to add a specially-crafted address book entry, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user or cause the victim's application to crash.
Platforms Affected:
- Yahoo, Messenger 8.1
Remedy:
Yahoo! has implemented a server side fix for this vulnerability.
Consequences:
Gain Access
References:
- XDisclose Advisory XD100002, Yahoo Messenger 8.1 Address Book Buffer Overflow at http://www.xdisclose.com/advisory/XD100002.html.
- Yahoo! Messenger Web site, Yahoo! Messenger for the Web at http://messenger.yahoo.com/webmessengerpromo.php.
- BID-24926: Yahoo! Messenger Address Book Remote Buffer Overflow Vulnerabilitiy
- CVE-2007-3928: Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
- SA26066: Yahoo! Messenger Long Email Address Book Buffer Overflow
- SECTRACK ID: 1018398: Yahoo Messenger Buffer Overflow in Address Book May Let Users Execute Arbitrary Code
Reported:
Jul 17, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net