CVE-2007-4034
Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow
Public Exploits: 2
Exploited in Wild: -
Decision: -
Descriptions
Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.
SSVC
- Decision: -
Timeline
- 2007-07-27 CVE Reserved
- 2007-07-27 CVE Published
- 2007-07-31 First Exploit
- 2024-07-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (8)
URL | Tag | Source |
---|---|---|
http://osvdb.org/37705 | Vdb Entry | |
http://www.kb.cert.org/vuls/id/120760 | Third Party Advisory | |
http://www.securitytracker.com/id?1018470 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/2679 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/4250 | 2007-07-31 | |
http://www.securityfocus.com/bid/25086 | 2024-08-07 | |
URL | Date | SRC |
---|---|---|
http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html | 2011-03-07 | |
http://secunia.com/advisories/26011 | 2011-03-07 | |