ActiveX Control Buffer Overflow in Yahoo! Messenger by Yahoo!
CVE-2007-4515

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 31 August 2007

What is CVE-2007-4515?

A buffer overflow vulnerability exists in the ActiveX control YVerInfo.dll used by Yahoo! Messenger. This flaw occurs in versions prior to 8.1.0.419 and allows remote attackers to execute arbitrary code by sending specially crafted arguments to the fvCom and info methods. Exploiting this vulnerability could lead to unauthorized access and control over the affected system, raising serious security concerns for users.

References

http://osvdb.org/37739

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/26579

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/36363

vdb-entryx_refsource_XF

EPSS Score

33% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2007
Vulnerability Reserved
Aug 23, 2007

CVE-2007-4515 Data

JSON