Yahoo Messenger AudioConf ActiveX control buffer overflow

Added: 04/12/2007
CVE: CVE-2007-1680
BID: 23291
OSVDB: 34319

Background

Yahoo! Messenger is an instant messaging application. It includes the AudioConf ActiveX control, which is provided by yacscom.dll.

Problem

A buffer overflow vulnerability in the AudioConf ActiveX control allows command execution when the createAndJoinConference method is called with a long socksHostname or hostname parameter.

Resolution

Download the latest version of Yahoo! Messenger.

References

http://messenger.yahoo.com/security_update.php?id=031207
http://www.zerodayinitiative.com/advisories/ZDI-07-012.html
http://www.kb.cert.org/vuls/id/388377

Limitations

The exploit works with Yahoo! Messenger 8.1.0.195 and requires a user to load the exploit page.

Platforms

Windows
