-
Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
Disclosure Date: 2007-08-30First seen: 2020-04-26exploit/windows/browser/yahoomessenger_fvcomThis module exploits a stack buffer overflow in the Yahoo! Messenger ActiveX Control (YVerInfo.dll <= 2006.8.24.1). By sending an overly long string to the "fvCom()" method from a yahoo.com domain, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> -
Yahoo! Messenger 8.1.0.249 ActiveX Control Buffer Overflow
Disclosure Date: 2007-06-05First seen: 2020-04-26exploit/windows/browser/yahoomessenger_serverThis module exploits a stack buffer overflow in the Yahoo! Webcam Upload ActiveX Control (ywcupl.dll) provided by Yahoo! Messenger version 8.1.0.249. By sending an overly long string to the "Server()" method, and then calling the "Send()" method, an attacker may be able to execute arbitrary code. Using the payloads "windows/shell_bind_tcp" and "windows/shell_reverse_tcp" yield for the best results. Authors: - MC <mc@metasploit.com>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details