CVE-2007-4034 – Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow

https://notcve.org/view.php?id=CVE-2007-4034

Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer en la región stack de la memoria en el Control ActiveX YDPCTL.YDPControl.1 (también se conoce como Yahoo! • https://www.exploit-db.com/exploits/4250 http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html http://osvdb.org/37705 http://secunia.com/advisories/26011 http://www.kb.cert.org/vuls/id/120760 http://www.securityfocus.com/bid/25086 http://www.securitytracker.com/id?1018470 http://www.vupen.com/english/advisories/2007/2679 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •