Vulnerability Description
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yahoo | Messenger | <= 8.1.0.413 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591PatchVendor Advisory
- http://messenger.yahoo.com/security_update.php?id=082907Patch
- http://osvdb.org/37739
- http://secunia.com/advisories/26579PatchVendor Advisory
- http://securityreason.com/securityalert/3083
- http://securitytracker.com/id?1018628
- http://www.securityfocus.com/bid/25494
- http://www.vupen.com/english/advisories/2007/3011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36363
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591PatchVendor Advisory
- http://messenger.yahoo.com/security_update.php?id=082907Patch
- http://osvdb.org/37739
- http://secunia.com/advisories/26579PatchVendor Advisory
- http://securityreason.com/securityalert/3083
- http://securitytracker.com/id?1018628
FAQ
What is CVE-2007-4515?
CVE-2007-4515 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via...
How severe is CVE-2007-4515?
CVE-2007-4515 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4515?
Check the references section above for vendor advisories and patch information. Affected products include: Yahoo Messenger.