CVE-2007-3147

Published: Jun 11, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.

Affected (6)

Products: Yahoo: Messenger

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Yahoo Messenger	Version 2.0.1.4
Yahoo Messenger	Version 8.0.0.863
Yahoo Messenger	Version 8.0.1
Yahoo Messenger	Version 8.0
Yahoo Messenger	Version 8.0_2005.1.1.4
Yahoo Messenger	Version 8.1.0.249

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (30)

http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html

Source: cve@mitre.org

Exploit

http://messenger.yahoo.com/security_update.php?id=060707

Source: cve@mitre.org

Patch

http://research.eeye.com/html/advisories/published/AD20070608.html

Source: cve@mitre.org

Vendor Advisory

http://research.eeye.com/html/advisories/upcoming/20070605.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/25547

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/2809

Source: cve@mitre.org

http://securitytracker.com/id?1018204

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/949817

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/archive/1/470861/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24341

Source: cve@mitre.org

http://www.securityfocus.com/bid/24354

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1018203

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2094

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34758

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4042

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://messenger.yahoo.com/security_update.php?id=060707

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://research.eeye.com/html/advisories/published/AD20070608.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://research.eeye.com/html/advisories/upcoming/20070605.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/25547

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/2809

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1018204

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/949817

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/470861/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24341

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24354

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1018203

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/2094

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34758

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/4042

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.