Arbitrary Code Execution Vulnerability in Yahoo! Messenger by Yahoo
CVE-2005-0242

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 18 February 2005

What is CVE-2005-0242?

The Audio Setup Wizard (asw.dll) in Yahoo! Messenger versions, including 6.0.0.1750, is vulnerable to arbitrary code execution. Attackers can exploit this vulnerability by placing a malicious ping.exe program in the Messenger program directory, which is created with weak default permissions. This flaw may affect other versions, making it crucial for users to update their software to mitigate potential security risks.

References

http://secunia.com/advisories/11815

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/secunia_research/2004-6/advisory/

x_refsource_MISC

http://messenger.yahoo.com/security/update6.html

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2005
Vulnerability Reserved
Feb 8, 2005

CVE-2005-0242 Data

JSON