Vulnerability Description
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yahoo | Messenger | <= 8.0 |
References
- http://messenger.yahoo.com/security_update.php?id=120806PatchVendor Advisory
- http://secunia.com/advisories/23401PatchVendor Advisory
- http://securitytracker.com/id?1017387Patch
- http://www.kb.cert.org/vuls/id/901852PatchUS Government Resource
- http://www.securityfocus.com/bid/21607Patch
- http://www.vupen.com/english/advisories/2006/5016
- http://messenger.yahoo.com/security_update.php?id=120806PatchVendor Advisory
- http://secunia.com/advisories/23401PatchVendor Advisory
- http://securitytracker.com/id?1017387Patch
- http://www.kb.cert.org/vuls/id/901852PatchUS Government Resource
- http://www.securityfocus.com/bid/21607Patch
- http://www.vupen.com/english/advisories/2006/5016
FAQ
What is CVE-2006-6603?
CVE-2006-6603 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some ...
How severe is CVE-2006-6603?
CVE-2006-6603 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6603?
Check the references section above for vendor advisories and patch information. Affected products include: Yahoo Messenger.