Vulnerability Description
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yahoo | Messenger | 5.5 |
References
- http://messenger.yahoo.com/security/update6.html
- http://secunia.com/advisories/11815Patch
- http://secunia.com/secunia_research/2004-6/advisory/ExploitPatchVendor Advisory
- http://messenger.yahoo.com/security/update6.html
- http://secunia.com/advisories/11815Patch
- http://secunia.com/secunia_research/2004-6/advisory/ExploitPatchVendor Advisory
FAQ
What is CVE-2005-0242?
CVE-2005-0242 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program dire...
How severe is CVE-2005-0242?
CVE-2005-0242 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0242?
Check the references section above for vendor advisories and patch information. Affected products include: Yahoo Messenger.