CVE-2007-3638

Yahoo! Messenger 8.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3638. PoCs published by Rajesh Sethumadhavan.

AI-analyzed exploit summary: This is a writeup describing a remote buffer overflow vulnerability in Yahoo! Messenger 8.1 and prior versions. The exploit involves creating a malformed address book entry with an excessive number of 'a' characters in the email field, which crashes the application when the entry is hovered over.

Description

Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Rajesh Sethumadhavan · text · dos · windows
https://www.exploit-db.com/exploits/30314


Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Yahoo! Messenger 8.1 and prior
Auth required
Prerequisites: Valid Yahoo! account · Ability to create an address book entry via Yahoo! portal
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24784

Scores

EPSS 0.0244
EPSS Percentile 82.3%

Details

CWE CWE-119
Status published
Products (1)
yahoo/messenger 8.1
Published Jul 10, 2007
Tracked Since Feb 18, 2026