Vulnerability Description
Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yahoo | Widgets | <= 4.0.5 |
Related Weaknesses (CWE)
References
- http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.htmlPatchVendor Advisory
- http://osvdb.org/37705
- http://secunia.com/advisories/26011PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/120760US Government Resource
- http://www.securityfocus.com/bid/25086ExploitPatch
- http://www.securitytracker.com/id?1018470
- http://www.vupen.com/english/advisories/2007/2679
- http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.htmlPatchVendor Advisory
- http://osvdb.org/37705
- http://secunia.com/advisories/26011PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/120760US Government Resource
- http://www.securityfocus.com/bid/25086ExploitPatch
- http://www.securitytracker.com/id?1018470
- http://www.vupen.com/english/advisories/2007/2679
FAQ
What is CVE-2007-4034?
CVE-2007-4034 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remot...
How severe is CVE-2007-4034?
CVE-2007-4034 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4034?
Check the references section above for vendor advisories and patch information. Affected products include: Yahoo Widgets.