CVE-2005-1671

Published: May 19, 2005Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.

Affected (4)

Products: Yahoo: Messenger

Yahoo

1 product

Messenger

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Yahoo Messenger	Version 5.5
Yahoo Messenger	Version 5.6.0.1351
Yahoo Messenger	Version 5.6
Yahoo Messenger	Version 6.0

References (2)

http://marc.info/?l=bugtraq&m=111643475210982&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=111643475210982&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.