CVE-2007-4515

critical

Description

Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36363

http://www.vupen.com/english/advisories/2007/3011

http://www.securityfocus.com/bid/25494

http://securitytracker.com/id?1018628

http://securityreason.com/securityalert/3083

http://secunia.com/advisories/26579

http://osvdb.org/37739

http://messenger.yahoo.com/security_update.php?id=082907

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591

Details

Source: Mitre, NVD

Published: 2007-08-31

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical