CVE-2007-4034

Yahoo! Installer Plugin for Widgets <2007.7.13.3 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by lhoang8500 · htmlremotewindows

https://www.exploit-db.com/exploits/4250

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018470

[Patch, Vendor Advisory] http://secunia.com/advisories/26011

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2679

[Exploit, Patch] http://www.securityfocus.com/bid/25086

[Third Party Advisory, VDB Entry] http://osvdb.org/37705

[Patch, Vendor Advisory] http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html

[US Government Resource] http://www.kb.cert.org/vuls/id/120760

Scores

EPSS 0.3122

EPSS Percentile 96.8%

Details

CWE

CWE-119

Status published

Products (1)

yahoo/widgets < 4.0.5

Published Jul 27, 2007

Tracked Since Feb 18, 2026