Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "set_buddygrp" field of Yahoo! Messenger.
A remotely exploitable buffer overflow exists in the "set_buddygrp" field that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. It is possible to crash the Yahoo! Messenger client by overflowing the "set_buddygrp" field.
Exploitation of this vulnerability crashes the application, resulting in a denial-of-service condition. However, this vulnerability is a buffer overflow, and may allow the execution of arbitrary code on the local system with the privileges of the current user.
This vulnerability was fixed by a server-side resolution in February 2002. No user action is required.
Notified: May 31, 2002 Updated: June 05, 2002
This issue was resolved on the Yahoo! Messenger servers on 26-Feb-2002. Users do not need to take any action to protect themselves from this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
This vulnerability was discovered by Adam Lang.
This document was written by Jason Rafail.
CVE IDs: | None
CERT Advisory: | CA-2002-16
Severity Metric: | 22.78
Date Public: | 2002-02-26
Date First Published: | 2002-06-05
Date Last Updated: | 2002-06-05 21:08 UTC
Document Revision: | 22