CVE-2007-5017
Yahoo Messenger 8.1.0.421 - Path Traversal and Arbitrary File Write via CYFT ActiveX GetFile Method
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5017. PoCs published by shinnai.
AI-analyzed exploit summary: This exploit leverages a vulnerable `GetFile()` method in Yahoo! Messenger's `ft60.dll` to arbitrarily download files to a user's system. The PoC uses VBScript to trigger the download via an ActiveX object, demonstrating a remote file download vulnerability.
Description
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.