Overview
Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "set_buddygrp" field of Yahoo! Messenger.
Description
A remotely exploitable buffer overflow exists in the "set_buddygrp" field that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. It is possible to crash the Yahoo! Messenger client by overflowing the "set_buddygrp" field.
Impact
Exploitation of this vulnerability crashes the application, resulting in a denial-of-service condition. However, this vulnerability is a buffer overflow, and may allow the execution of arbitrary code on the local system with the privileges of the current user.
Solution
This vulnerability was fixed by a server-side resolution in February 2002. No user action is required.
Acknowledgements
This vulnerability was discovered by Adam Lang.
This document was written by Jason Rafail.
Other Information
| CVE IDs: | None |
| CERT Advisory: | CA-2002-16 |
| Severity Metric: | 22.78 |
| Date Public: | 2002-02-26 |
| Date First Published: | 2002-06-05 |
| Date Last Updated: | 2002-06-05 21:08 UTC |
| Document Revision: | 22 |