CVE-2007-4515 – Yahoo! Messenger - 'YVerInfo.dll' ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4515
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
https://www.exploit-db.com/exploits/16522
https://www.exploit-db.com/exploits/4351
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591
http://messenger.yahoo.com/security_update.php?id=082907
http://osvdb.org/37739
http://secunia.com/advisories/26579
http://securityreason.com/securityalert/3083
http://securitytracker.com/id?1018628
http://www.securityfocus.com/bid/25494
http://www.vupen.com/english/advisories/2007/3011
https://exchange.xforce.ibmcloud.com/vuln
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4391 – Yahoo! Messenger 8.1 - 'KDU_V32M.DLL' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4391
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
https://www.exploit-db.com/exploits/30500
https://www.exploit-db.com/exploits/4335
http://osvdb.org/38221
http://secunia.com/advisories/26501
http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day
http://www.kb.cert.org/vuls/id/515968
http://www.securityfocus.com/bid/25330
http://www.securitytracker.com/id?1018586
http://www.team509.com/expyahoo.rar
http://www.vupen.com/english/advisories/2007/2917
https://exchan
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4034 – Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow
https://notcve.org/view.php?id=CVE-2007-4034
Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.
https://www.exploit-db.com/exploits/4250
http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html
http://osvdb.org/37705
http://secunia.com/advisories/26011
http://www.kb.cert.org/vuls/id/120760
http://www.securityfocus.com/bid/25086
http://www.securitytracker.com/id?1018470
http://www.vupen.com/english/advisories/2007/2679
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3928
https://notcve.org/view.php?id=CVE-2007-3928
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html
http://secunia.com/advisories/26066
http://securityreason.com/securityalert/2906
http://www.securityfocus.com/bid/24926
http://www.securitytracker.com/id?1018398
http://www.xdisclose.com/advisory/XD100002.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35434
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3638 – Yahoo! Messenger 8.1 - Address Book Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3638
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
https://www.exploit-db.com/exploits/30314
http://www.securityfocus.com/bid/24784
http://www.wslabi.com/wabisabilabi/initPublishedBid.do?
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer