CVE-2007-3148

Published: Jun 11, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.

Affected (6)

Products: Yahoo: Messenger

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Yahoo Messenger	Version 2.0.1.4
Yahoo Messenger	Version 8.0.0.863
Yahoo Messenger	Version 8.0.1
Yahoo Messenger	Version 8.0
Yahoo Messenger	Version 8.0_2005.1.1.4
Yahoo Messenger	Version 8.1.0.249

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (30)

http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html

Source: cve@mitre.org

Exploit

http://messenger.yahoo.com/security_update.php?id=060707

Source: cve@mitre.org

Patch

http://osvdb.org/37081

Source: cve@mitre.org

http://research.eeye.com/html/advisories/published/AD20070608.html

Source: cve@mitre.org

Vendor Advisory

http://research.eeye.com/html/advisories/upcoming/20070605.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/25547

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1018204

Source: cve@mitre.org

Exploit

http://www.kb.cert.org/vuls/id/932217

Source: cve@mitre.org

PatchUS Government Resource

http://www.securityfocus.com/archive/1/470861/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24341

Source: cve@mitre.org

http://www.securityfocus.com/bid/24355

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1018203

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2094

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34759

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4043

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://messenger.yahoo.com/security_update.php?id=060707

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://osvdb.org/37081

Source: af854a3a-2127-422b-91ae-364da2661108

http://research.eeye.com/html/advisories/published/AD20070608.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://research.eeye.com/html/advisories/upcoming/20070605.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/25547

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1018204

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.kb.cert.org/vuls/id/932217

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

http://www.securityfocus.com/archive/1/470861/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24341

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24355

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1018203

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/2094

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34759

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/4043

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.