Heap-based Buffer Overflow in Yahoo! Messenger Leading to Application Crash
CVE-2007-4391

Currently unrated

Key Information:

Vendor: Yahoo

Status
Vendor
CVE Published: 17 August 2007

What is CVE-2007-4391?

The vulnerability involves a heap-based buffer overflow in the kdu_v32m.dll component of Yahoo! Messenger 8.1.0.413. Remote attackers can exploit this weakness by sending specially crafted JPEG2000 data in an 'invite to view my webcam' request, leading to a denial of service condition through application crashes. Furthermore, this can allow the injection of malicious DLLs into the vulnerable instance of Yahoo! Messenger when the request is accepted, compromising system integrity.

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved