Messenger Security Vulnerabilities and Issues — Messenger CVE List

Lucene search

YahooMessenger

4 matches found

CVE•added 2005/02/18 5:0 a.m.•46 views

CVE-2005-0242

The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.

4.6CVSS7.1AI score0.00056EPSS

CVE•added 2007/02/06 2:28 a.m.•44 views

CVE-2007-0768

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last...

4.3CVSS5.8AI score0.00658EPSS

CVE•added 2009/12/02 7:30 p.m.•38 views

CVE-2009-4171

An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.

4.3CVSS6.8AI score0.03149EPSS

CVE•added 2002/07/26 4:0 a.m.•36 views

CVE-2002-0031

Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.

4.6CVSS7.7AI score0.21415EPSS