Vulnerability Note VU#755755
Yahoo! Messenger contains a buffer overflow in "set_buddygrp" when adding users to a buddy list via the web
Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "set_buddygrp" field of Yahoo! Messenger.
A remotely exploitable buffer overflow exists in the "set_buddygrp" field that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. It is possible to crash the Yahoo! Messenger client by overflowing the "set_buddygrp" field.
Exploitation of this vulnerability crashes the application, resulting in a denial-of-service condition. Because the flaw is a buffer overflow, it may also allow the execution of arbitrary code on the local system with the privileges of the current user.
This vulnerability was fixed by a server-side resolution in February 2002. No user action is required.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|--------|--------|---------------|--------------|
| Yahoo | Affected | 31 May 2002 | 05 Jun 2002 |
This vulnerability was discovered by Adam Lang.
This document was written by Jason Rafail.
- CVE IDs: Unknown
- CERT Advisory: CA-2002-16
- Date Public: 26 Feb 2002
- Date First Published: 05 Jun 2002
- Date Last Updated: 05 Jun 2002
- Severity Metric: 22.78
- Document Revision: 21