Yahoo! Messenger < 126.96.36.199 CYImage::LoadJPG Method JPG File Handling Remote Integer Overflow
Medium Nessus Plugin ID 58000
SynopsisThe instant messaging application on the remote Windows host is affected by an integer overflow vulnerability.
DescriptionThe version of Yahoo! Messenger installed on the remote host is earlier than 188.8.131.52 and is reportedly affected by an integer overflow. The error exists in the method 'CYImage::LoadJPG' in the file 'YImage.dll'.
A remote attacker could execute arbitrary code by tricking a user into accepting a crafted JPG image that triggers the overflow.
Note that the photo sharing functionality is not enabled by default.
SolutionUpgrade to Yahoo! Messenger version 184.108.40.206 or later.