CVE-2009-4171

Yahoo! Messenger <9.0.0.2162 - DoS

Title source: llm

Description

An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.

Exploits (2)

exploitdb WORKING POC VERIFIED

by HACKATTACK · textdoswindows

https://www.exploit-db.com/exploits/10092

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by HACKATTACK · xmldoswindows

https://www.exploit-db.com/exploits/33350

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/37007

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54263

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507818/100/0/threaded

Scores

EPSS 0.0315

EPSS Percentile 86.7%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

yahoo/messenger

Timeline

Published Dec 02, 2009

Tracked Since Feb 18, 2026