Remote Denial of Service in Yahoo! Messenger by Corrupted Packets
CVE-2005-1618

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 16 May 2005

What is CVE-2005-1618?

The YMSGR URL handler in Yahoo! Messenger versions 5.x through 6.0 is susceptible to a remote denial of service attack. An attacker can exploit this vulnerability by sending a specially crafted room login or room join request packet containing a third colon (:) and an ampersand (&). This malformed packet leads to the Messenger application sending an incorrect data packet to the server, resulting in a disconnect from the service and disrupting user connectivity.

References

http://marc.info/?l=bugtraq&m=111601904204055&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/13626

vdb-entryx_refsource_BID

http://www.osvdb.org/16816

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2005
Vulnerability Reserved
May 16, 2005

CVE-2005-1618 Data

JSON