CVE-2006-6603

Published: Dec 15, 2006Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.

Affected (7)

Products: Yahoo: Messenger

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Yahoo Messenger	Up to 8.0
Yahoo Messenger	Version 5.0
Yahoo Messenger	Version 5.5
Yahoo Messenger	Version 5.6
Yahoo Messenger	Version 6.0
Yahoo Messenger	Version 7.0
Yahoo Messenger	Version 7.5

References (12)

http://messenger.yahoo.com/security_update.php?id=120806

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/23401

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1017387

Source: cve@mitre.org

Patch

http://www.kb.cert.org/vuls/id/901852

Source: cve@mitre.org

PatchUS Government Resource

http://www.securityfocus.com/bid/21607

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/5016

Source: cve@mitre.org

http://messenger.yahoo.com/security_update.php?id=120806

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/23401

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1017387

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.kb.cert.org/vuls/id/901852

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

http://www.securityfocus.com/bid/21607

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2006/5016

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.