← back
CVE-2007-5017

CVE-2007-5017

EPSS 2.5%
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4428unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/38296https://exchange.xforce.ibmcloud.com/vulnerabilities/36694https://www.exploit-db.com/exploits/4428http://www.securityfocus.com/bid/25727http://www.securitytracker.com/id?1018715http://www.shinnai.altervista.org/exploits/txt/TXT_KJDPaI2IlM5P9PP6N6dI.html