CVE-2007-4515

Yahoo! services suite - Buffer Overflow

Title source: llm

Description

Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16522

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by minhbq · htmlremotewindows

https://www.exploit-db.com/exploits/4351

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/yahoomessenger_fvcom.rb

View Code ZIP pw:eip

References (9)

[Patch, Vendor Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591

[Patch] http://messenger.yahoo.com/security_update.php?id=082907

[Patch, Vendor Advisory] http://secunia.com/advisories/26579

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25494

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36363

[Third Party Advisory, VDB Entry] http://osvdb.org/37739

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018628

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3011

[Third Party Advisory] http://securityreason.com/securityalert/3083

Scores

EPSS 0.7247

EPSS Percentile 98.8%

Details

CWE

CWE-119

Status published

Products (1)

yahoo/messenger < 8.1.0.413

Published Aug 31, 2007

Tracked Since Feb 18, 2026