Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "set_buddygrp" field of Yahoo! Messenger.
A remotely exploitable buffer overflow exists in the "set_buddygrp" field that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. It is possible to crash the Yahoo! Messenger client by overflowing the "set_buddygrp" field.
Exploitation of this vulnerability crashes the application, resulting in a denial-of-service condition. However, this vulnerability is a buffer overflow, and may allow the execution of arbitrary code on the local system with the privileges of the current user.
This vulnerability was fixed by a server-side resolution in February 2002. No user action is required.
This vulnerability was discovered by Adam Lang.
This document was written by Jason Rafail.