|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#755755
Yahoo! Messenger contains a buffer overflow in "set_buddygrp" when adding users to a buddy list via the web
OverviewYahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "set_buddygrp" field of Yahoo! Messenger.
I. DescriptionA remotely exploitable buffer overflow exists in the "set_buddygrp" field that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. It is possible to crash the Yahoo! Messenger client by overflowing the "set_buddygrp" field. II. ImpactExploitation of this vulnerability crashes the application, resulting in a denial-of-service condition. However, this vulnerability is a buffer overflow, and may allow the execution of arbitrary code on the local system with the privileges of the current user.III. SolutionThis vulnerability was fixed by a sever-side resolution in February 2002. No user action is required.Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Yahoo | Vulnerable | 5-Jun-2002 |
References
Credit
This vulnerability was discovered by Adam Lang.
This document was written by Jason Rafail.
Other Information
| Date Public: | 2002-02-26 |
| Date First Published: | 2002-06-05 |
| Date Last Updated: | 2002-06-05 |
| CERT Advisory: | CA-2002-16 |
| CVE-ID(s): | |
| NVD-ID(s): | |
| US-CERT Technical Alerts: | |
| Metric: | 22.78 |
| Document Revision: | 21 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader