ActiveX Control Vulnerability in Yahoo! Messenger by Yahoo
CVE-2009-4171

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 2 December 2009

What is CVE-2009-4171?

The vulnerability in the ActiveX control within Yahoo! Messenger allows attackers to trigger a denial of service by invoking the RegisterMe method with an excessively long argument. This leads to a NULL pointer dereference, which can cause the application to crash, thus disrupting the functionality of the software. This issue affects Yahoo! Messenger versions 9.0.0.2162 and potentially other versions in the 9.0 series.

References

http://www.securityfocus.com/archive/1/507818/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/54263

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/37007

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2009
Vulnerability Reserved
Dec 2, 2009

CVE-2009-4171 Data

JSON