Yahoo! Widgets ActiveX control GetComponentVersion buffer overflow

Added: 08/03/2007
CVE: CVE-2007-4034
BID: 25086
OSVDB: 37705

Background

Yahoo! Widgets is desktop software that runs any number of small, real-time Internet applications called widgets.

Problem

A buffer overflow vulnerability in the YDPCTL ActiveX Control allows command execution when a user loads a web page which calls the GetComponentVersion method with a specially crafted argument.

Resolution

Upgrade to Yahoo! Widgets 4.0.5 or higher.

References

http://secunia.com/advisories/26011

Limitations

Exploit works on Yahoo! Widgets 4.0.3 build 178.

Platforms

Windows
