EIP-2026-116634

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116634. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Yahoo! Messenger COM objects (YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2) by assigning excessively long strings to properties like AppId, DesktopIcon, and Test. The PoC uses JavaScript to trigger the overflow, potentially leading to remote code execution or denial of service.

Description

Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafel Ivgi The-Insider · textdoswindows

https://www.exploit-db.com/exploits/24042

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Yahoo! Messenger COM objects (YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2) by assigning excessively long strings to properties like AppId, DesktopIcon, and Test. The PoC uses JavaScript to trigger the overflow, potentially leading to remote code execution or denial of service.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Yahoo! Messenger (COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Yahoo! Messenger with vulnerable COM objects installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details