CVE-2007-4391
CVE-2007-4391
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/30500unverifiedexploitdbwww.exploit-db.com/exploits/4335unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/38221http://secunia.com/advisories/26501https://exchange.xforce.ibmcloud.com/vulnerabilities/36115https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/http://www.kb.cert.org/vuls/id/515968http://www.securityfocus.com/bid/25330http://www.securitytracker.com/id?1018586http://www.team509.com/expyahoo.rarhttp://www.vupen.com/english/advisories/2007/2917