Vulnerability Details : CVE-2007-3147
Public exploit exists!
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-3147
- cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.1.0.249:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:2.0.1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3147
86.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-3147
-
Yahoo! Messenger 8.1.0.249 ActiveX Control Buffer Overflow
Disclosure Date: 2007-06-05First seen: 2020-04-26exploit/windows/browser/yahoomessenger_serverThis module exploits a stack buffer overflow in the Yahoo! Webcam Upload ActiveX Control (ywcupl.dll) provided by Yahoo! Messenger version 8.1.0.249. By sending an overly long string to the "Server()" method, and then calling the "Send()" method, an attacker may be
CVSS scores for CVE-2007-3147
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-3147
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-3147
-
http://messenger.yahoo.com/security_update.php?id=060707
Patch
-
http://www.vupen.com/english/advisories/2007/2094
-
http://www.securitytracker.com/id?1018203
-
https://www.exploit-db.com/exploits/4042
-
http://research.eeye.com/html/advisories/upcoming/20070605.html
Vendor Advisory
-
http://www.securityfocus.com/bid/24354
Exploit
-
http://www.securityfocus.com/archive/1/470861/100/0/threaded
-
http://securityreason.com/securityalert/2809
-
http://www.securityfocus.com/bid/24341
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html
Exploit
-
http://research.eeye.com/html/advisories/published/AD20070608.html
Vendor Advisory
-
http://securitytracker.com/id?1018204
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34758
-
http://www.kb.cert.org/vuls/id/949817
US Government Resource
Jump to