CVE-2003-1129

Yahoo! Audio Conferencing ActiveX Control - Buffer Overflow via Long Hostname URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1129. PoCs published by cesaro.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in the Yahoo! Voice Chat ActiveX control by passing an overly long string to the 'hostname' property, potentially leading to arbitrary code execution.

Description

Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cesaro · htmlremotewindows

https://www.exploit-db.com/exploits/22593

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in the Yahoo! Voice Chat ActiveX control by passing an overly long string to the 'hostname' property, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Yahoo! Voice Chat ActiveX control (clsid:2B323CD9-50E3-11D3-9466-00A0C9700498)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled

MITRE ATT&CK