Integer Overflow Vulnerability in Yahoo! Messenger Affected by Photo Sharing Feature
CVE-2012-0268

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 19 January 2012

What is CVE-2012-0268?

An integer overflow has been identified in the CYImage::LoadJPG method located within YImage.dll in Yahoo! Messenger versions prior to 11.5.0.155. This vulnerability emerges when the photo sharing feature is enabled and can be exploited by remote attackers. By crafting a specific JPG image, an attacker can trigger a heap-based buffer overflow, potentially allowing for arbitrary code execution on a vulnerable system. This highlights the need for immediate updates to safeguard against such exploits.

References

http://secunia.com/advisories/47041

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 19, 2012

CVE-2012-0268 Data

JSON