CVE-2007-5396

Miranda IM 0.7.1 - Remote Code Execution via Format String in Yahoo Buddy Authorization

Title source: llm

Description

Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38362

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3823

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27402

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26389

Vendor Advisory x_refsource_misc

http://secunia.com/secunia_research/2007-89/advisory/

Product x_refsource_confirm

http://miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l

Scores

EPSS 0.0247

EPSS Percentile 82.4%

Details

CWE

CWE-134

Status published

Products (1)

miranda-im/miranda_im 0.7.1

Published Nov 10, 2007

Tracked Since Feb 18, 2026