CVE-2007-5017
Yahoo! Messenger 8.1.0.421 - CYFT Object Arbitrary File Download
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Vulnerabilidad de escalado de rutas absolutas en ciertos controles de ActiveX en el objeto CYFT del ft60.dll del Yahoo! Messenger 8.1.0.421 permite a atacantes remotos forzar una descarga y crear o sobrescribir ficheros de su elección a través de un nombre de ruta completa como segundo argumento del método GetFile.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-09-20 CVE Reserved
- 2007-09-20 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-08-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/38296 | Vdb Entry | |
| http://www.securitytracker.com/id?1018715 | Vdb Entry | |
| http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36694 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4428 | 2024-08-07 | |
| http://www.securityfocus.com/bid/25727 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|