CVE-2007-4391

Yahoo! Messenger 8.1.0.413 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4391. PoCs published by wushi, team509.

AI-analyzed exploit summary This exploit targets Yahoo! Messenger 8.1.0.413 by injecting a malicious DLL into the process during a webcam invitation, causing a remote crash (DoS). The PoC requires compiling a DLL and manually injecting it into the local Yahoo! Messenger process.

Description

Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.

Exploits (2)

exploitdb WORKING POC VERIFIED
by wushi · textdoswindows
https://www.exploit-db.com/exploits/4335

This exploit targets Yahoo! Messenger 8.1.0.413 by injecting a malicious DLL into the process during a webcam invitation, causing a remote crash (DoS). The PoC requires compiling a DLL and manually injecting it into the local Yahoo! Messenger process.

Classification
Working Poc 80%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Yahoo! Messenger 8.1.0.413
Auth required
Prerequisites: Compiled DLL · Active Yahoo! Messenger session · Webcam invitation acceptance by target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by team509 · textdoswindows
https://www.exploit-db.com/exploits/30500

The provided text describes a remote denial-of-service vulnerability in Yahoo! Messenger 8.1.0, where an attacker can crash the application. The reference links to a binary exploit (30500.rar) but no actual exploit code is included in the snippet.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Yahoo! Messenger 8.1.0
No auth needed
Prerequisites: Network access to the target running Yahoo! Messenger 8.1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2917
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36115
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/515968
Various Sources x_refsource_misc
http://www.team509.com/expyahoo.rar
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26501
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25330
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38221
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018586

Scores

EPSS 0.0931
EPSS Percentile 94.8%

Details

CWE
CWE-119 CWE-20
Status published
Products (1)
yahoo/messenger 8.1.0.413
Published Aug 17, 2007
Tracked Since Feb 18, 2026