Lucene search

[email protected]CVE-2004-0043

HistoryFeb 03, 2004 - 5:00 a.m.

CVE-2004-0043

2004-02-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

yahoo

instant messenger

buffer overflow

cve-2004-0043

denial of service

remote code execution

nvd

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.

CPENameOperatorVersion
yahoo:messengeryahoo messengerle5.6.0.1351

CPE	Name	Operator	Version
yahoo:messenger	yahoo messenger	le	5.6.0.1351

References

lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html

marc.info/?l=bugtraq&m=107357996802255&w=2

secunia.com/advisories/10573

www.osvdb.org/3437

www.securityfocus.com/bid/9383

www.securitytracker.com/id?1008651

exchange.xforce.ibmcloud.com/vulnerabilities/14171

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON