{"edition": 1, "title": "Yahoo! Messenger YAUTO.DLL ActiveX Component Remote Overflow", "bulletinFamily": "software", "published": "2003-12-03T06:32:28", "lastseen": "2017-04-28T13:19:57", "modified": "2003-12-03T06:32:28", "reporter": "Tri Huynh(trihuynh@zeeup.com)", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:2894", "description": "## Vulnerability Description\nA remote overflow exists in Yahoo! Messenger. The 'Open()' function in the 'YAUTO.DLL' ActiveX component fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted URL request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Yahoo! has released a patch to address this vulnerability.\n## Short Description\nA remote overflow exists in Yahoo! Messenger. The 'Open()' function in the 'YAUTO.DLL' ActiveX component fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted URL request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://messenger.yahoo.com/\n[Vendor Specific Advisory URL](http://messenger.yahoo.com/security/update4.html)\nSecurity Tracker: 1008362\n[Secunia Advisory ID:10342](https://secuniaresearch.flexerasoftware.com/advisories/10342/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/3206.html\nISS X-Force ID: 13889\nBugtraq ID: 9145\n", "affectedSoftware": [{"name": "Yahoo! Messenger", "version": "5.6.0.1347", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 1.4, "vector": "NONE", "modified": "2017-04-28T13:19:57", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:19:57", "rev": 2}, "vulnersScore": 1.4}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:2894"}

{}