5 matches found
CVE-2007-6228
The CVE-2007-6228 issue is a stack-based buffer overflow in the yt.ythelper.2 ActiveX control used by Yahoo! Toolbar 1.4.1. A long argument to the c() method can remotely trigger a denial of service (browser crash). Public documentation notes no patch from the vendor at the time of reports; users...
CVE-2007-6535
CVE-2007-6535 describes a buffer overflow in Yahoo! Toolbar’s YShortcut ActiveX control (YShortcut.dll 2006.8.15.1). The overflow is triggered by a long string passed to the IsTaggedBM method, potentially allowing arbitrary code execution. Sources consistently identify this as a Yahoo! Toolbar Ac...
CVE-2017-2253
CVE-2017-2253 describes an untrusted DLL search path flaw in the Yahoo! Toolbar installer for Internet Explorer (version 8.0.0.6 and earlier). The root cause is insecure DLL loading (CWE-427) via the installer, which can allow arbitrary code execution with the invoking user’s privileges. Public s...
CVE-2013-6853
The CVE-2013-6853 entry describes a Cross-Site Scripting (XSS) vulnerability in the clickstream.js component of the Y! Toolbar Firefox plugin. Affected products are Y! Toolbar for Firefox on Mac (version 3.1.0.20130813024103) and Windows (version 2.5.9.2013418100420). The flaw allows remote attac...
CVE-2012-2647
CVE-2012-2647 affects Yahoo! Toolbar for Chrome and Safari up to version 1.0.0.5. The vulnerability allows remote attackers to modify the toolbar’s configured search URL and intercept search terms via a specially crafted web page. Root cause: improper handling of the search URL/input leads to lea...