CVE-2007-4515

Yahoo! services suite - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-4515. PoCs published by Metasploit, minhbq, MC, including Metasploit module exploits/windows/browser/yahoomessenger_fvcom.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Yahoo! Messenger's YVerInfo.dll ActiveX control via the fvCom() method. It delivers a payload through a malicious HTML page hosted on a yahoo.com domain, leading to arbitrary code execution.

Description

Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16522

This Metasploit module exploits a stack buffer overflow in Yahoo! Messenger's YVerInfo.dll ActiveX control via the fvCom() method. It delivers a payload through a malicious HTML page hosted on a yahoo.com domain, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Yahoo! Messenger (YVerInfo.dll <= 2006.8.24.1)
No auth needed
Prerequisites: Victim must visit a malicious page hosted on a yahoo.com domain · Yahoo! Messenger with vulnerable YVerInfo.dll installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by minhbq · htmlremotewindows
https://www.exploit-db.com/exploits/4351

This exploit targets a buffer overflow vulnerability in Yahoo! Messenger's YVerInfo.dll ActiveX control (CVE-2007-4515). It uses heap spraying to achieve remote code execution by triggering the vulnerable 'fvcom' method with a maliciously crafted buffer.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Yahoo! Messenger (YVerInfo.dll <= 2007.8.27.1)
No auth needed
Prerequisites: Victim must visit a malicious webpage · Yahoo! Messenger with vulnerable YVerInfo.dll installed · DNS manipulation to bypass domain restriction
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/yahoomessenger_fvcom.rb

This Metasploit module exploits a stack buffer overflow in Yahoo! Messenger's YVerInfo.dll ActiveX control via the fvCom() method. It delivers a crafted payload through an HTML page hosted on a yahoo.com domain, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Yahoo! Messenger (YVerInfo.dll <= 2006.8.24.1)
No auth needed
Prerequisites: Victim must visit a malicious page hosted on a yahoo.com domain · ActiveX control must be enabled in the browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37739
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26579
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36363
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3083
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018628
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25494
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3011

Scores

EPSS 0.7061
EPSS Percentile 98.7%

Details

CWE
CWE-119
Status published
Products (1)
yahoo/messenger < 8.1.0.413
Published Aug 31, 2007
Tracked Since Feb 18, 2026