CVE-2008-2111

Yahoo! Assistant < 3.6 - Remote Code Execution via Ynoifier COM Object

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2111. PoCs published by Sowhat.

AI-analyzed exploit summary The provided code is a minimal HTML snippet demonstrating the vulnerable ActiveX control CLSID for Yahoo! Assistant. It lacks executable exploit logic but references CVE-2008-2111, a memory corruption vulnerability in 'yNotifier.dll'.

Description

The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.

Exploits (1)

exploitdb STUB VERIFIED
by Sowhat · textdoswindows
https://www.exploit-db.com/exploits/31748

The provided code is a minimal HTML snippet demonstrating the vulnerable ActiveX control CLSID for Yahoo! Assistant. It lacks executable exploit logic but references CVE-2008-2111, a memory corruption vulnerability in 'yNotifier.dll'.

Classification
Stub 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Yahoo! Assistant <= 3.6
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX controls must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30115
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1471/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42233
Vendor Advisory x_refsource_misc
http://secway.org/advisory/AD20080506EN.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020004
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29065

Scores

EPSS 0.0539
EPSS Percentile 91.6%

Details

CWE
CWE-399
Status published
Products (1)
yahoo/yahoo_assistant < 3.6
Published May 07, 2008
Tracked Since Feb 18, 2026