Yahoo Messenger Webcam Viewer ActiveX control buffer overflow

Added: 06/08/2007
CVE: CVE-2007-3148
BID: 24355
OSVDB: 37081

Background

Yahoo! Messenger is an instant messaging application. It includes the Webcam Viewer ActiveX control, which is provided by ywcvwr.dll.

Problem

A buffer overflow vulnerability in the Yahoo! Messenger Webcam Viewer ActiveX control allows command execution when a user loads an attacker's HTML page.

Resolution

Install the latest version of Yahoo! Messenger.

References

http://www.kb.cert.org/vuls/id/949817
http://messenger.yahoo.com/security_update.php?id=060707

Limitations

The exploit works on Yahoo! Messenger 8.1.0.244 and requires a user to load the exploit page into Internet Explorer.

Platforms

Windows
