Yahoo! Messenger Message Field Remote Overflow

high Nessus Network Monitor Plugin ID 1266

Synopsis

The remote host is vulnerable to a buffer overflow

Description

The remote host is running Yahoo Instant Messenger. Version 5.0 of instant messenger contains a buffer overflow that may be exploited by a remote attacker by sending a message with an overly large message field. An attacker would have to craft a message of this type as Yahoo clients do not limit the size of messages sent. Exploitation of this vulnerability may allow for the execution of arbitrary code on the victim's computer.

Solution

Upgrade to the latest version of Yahoo Instant Messenger.

Plugin Details

Severity: High

ID: 1266

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:yahoo:messenger

Reference Information

CVE: CVE-2002-0320

BID: 4163, 4162