Yahoo! Messenger < CYImage::LoadJPG Method JPG File Handling Remote Integer Overflow

Medium Nessus Plugin ID 58000


The instant messaging application on the remote Windows host is affected by an integer overflow vulnerability.


The version of Yahoo! Messenger installed on the remote host is earlier than and is reportedly affected by an integer overflow. The error exists in the method 'CYImage::LoadJPG' in the file 'YImage.dll'.

A remote attacker could execute arbitrary code by tricking a user into accepting a crafted JPG image that triggers the overflow.

Note that the photo sharing functionality is not enabled by default.


Upgrade to Yahoo! Messenger version or later.

Plugin Details

Severity: Medium

ID: 58000

File Name: yahoo_msgr_11_5_0_155.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2012/02/17

Modified: 2012/02/20

Dependencies: 11432

Risk Information

Risk Factor: Medium


Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:yahoo:messenger

Required KB Items: SMB/Yahoo/Messenger/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/01/12

Vulnerability Publication Date: 2012/01/13

Reference Information

CVE: CVE-2012-0268

BID: 51405

OSVDB: 78292

Secunia: 47041