Vulnerability Note VU#272644
Yahoo! Audio Conferencing ActiveX control vulnerable to buffer overflow
A remotely exploitable buffer overflow vulnerability has been discovered in the Yahoo! Audio Conferencing ActiveX control.
The Yahoo! Audio Conferencing ActiveX control is used in the web-based Yahoo! Chat service, as well as in the Win32 Yahoo! Messenger application. There is a remotely exploitable buffer overflow in this ActiveX control that could allow a remote attacker to take various unauthorized actions. In order to exploit this vulnerability, the attacker would need to convince the victim to view malicious HTML (a web page, for example).
Various impacts are well summarized in the documentation issued by Yahoo! Inc. in response to this vulnerability:
Some common impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code.
Update your Yahoo! Audio Conferencing ActiveX control. For detailed instructions, please see the Yahoo! Audio Conferencing Update web page.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Yahoo! Inc.||Affected||-||02 Jun 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by Cesar <email@example.com>.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 12 May 2003
- Date First Published: 02 Jun 2003
- Date Last Updated: 02 Jun 2003
- Severity Metric: 3.00
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.