Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow Vulnerability

ID ZDI-07-012
Type zdi
Reporter Peter Vreugdenhil
Modified 2007-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Yahoo Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists within the ActiveX control Yahoo.AudioConf:

DLL: yacscom.dll
CLSID: 2B323CD9-50E3-11D3-9466-00A0C9700498

When large values are specified for the 'socksHostname' and 'hostname' properties, and the createAndJoinConference() method is called, a stack overflow occurs. Exploitation can result in code execution under the context of the current user.