Yahoo! Messenger YMMAPI.YMailAttach ActiveX (ymmapi.dll) Overflow

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer vulnerability.

Description :

The remote host contains a version of the 'YMailAttach' ActiveX
control included with Yahoo! Messenger.

The version of this ActiveX control on the remote host reportedly has
an unspecified buffer overflow. If an attacker can trick a user on the
affected host into visiting a specially crafted web page, he may be
able to leverage this issue to execute arbitrary code on the host
subject to the user's privileges.

See also :

http://www.nessus.org/u?8fb047d0

Solution :

Update to the latest version of Yahoo! Messenger.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 23870 ()

Bugtraq ID: 21607

CVE ID: CVE-2006-6603

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now