CVE-2003-1135

Yahoo! Messenger 5.6 - Denial of Service via File Send Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1135. PoCs published by Hat-Squad Security Team.

AI-analyzed exploit summary This exploit leverages a buffer overflow in Yahoo! Messenger's file transfer feature by sending a malformed 'sendfile' request with an excessively long string. Successful exploitation could lead to arbitrary code execution on the victim's system.

Description

Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hat-Squad Security Team · textdoswindows
https://www.exploit-db.com/exploits/23293

This exploit leverages a buffer overflow in Yahoo! Messenger's file transfer feature by sending a malformed 'sendfile' request with an excessively long string. Successful exploitation could lead to arbitrary code execution on the victim's system.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Yahoo! Messenger (versions affected by CVE-2003-1135)
No auth needed
Prerequisites: Victim must accept the malicious 'sendfile' request
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/342472
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8894

Scores

EPSS 0.0452
EPSS Percentile 90.4%

Details

Status published
Products (1)
yahoo/messenger 5.6
Published Dec 31, 2003
Tracked Since Feb 18, 2026