CVE-2007-3148

EXPLOITED

Yahoo! Messenger - Buffer Overflow via Webcam Viewer ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-3148 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Excepti0n.

AI-analyzed exploit summary This exploit targets a vulnerability in Yahoo's Ywcvwr.dll ActiveX control (CVE-2007-3148) to achieve remote code execution by crafting a malicious HTML file that triggers a buffer overflow and executes shellcode to download and run an arbitrary file.

Description

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Excepti0n · cremotewindows
https://www.exploit-db.com/exploits/4052

This exploit targets a vulnerability in Yahoo's Ywcvwr.dll ActiveX control (CVE-2007-3148) to achieve remote code execution by crafting a malicious HTML file that triggers a buffer overflow and executes shellcode to download and run an arbitrary file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Yahoo Ywcvwr.dll ActiveX control
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable browser with the ActiveX control installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Excepti0n · htmlremotewindows
https://www.exploit-db.com/exploits/4043

This exploit targets a heap overflow vulnerability in Yahoo Messenger's ywcvwr.dll via a maliciously crafted HTML file. It uses a combination of NOP sleds and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Yahoo Messenger (latest version at the time, 2007)
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Yahoo Messenger
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4043
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34759
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37081
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24355
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2094
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25547
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470861/100/0/threaded
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018204
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24341
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018203
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/932217

Scores

EPSS 0.6310
EPSS Percentile 98.4%

Details

VulnCheck KEV 2010-05-01
CWE
CWE-119
Status published
Products (6)
yahoo/messenger 2.0.1.4
yahoo/messenger 8.0
yahoo/messenger 8.0.0.863
yahoo/messenger 8.0.1
yahoo/messenger 8.0_2005.1.1.4
yahoo/messenger 8.1.0.249
Published Jun 11, 2007
Tracked Since Feb 18, 2026