| Vulnerability Name: | CCN-15937 | ||||||
| Published: | 2004-04-22 | ||||||
| Updated: | 2004-04-22 | ||||||
| Summary: | Yahoo! Messenger is vulnerable to a denial of service, caused by a vulnerability in the yinsthelper.dll. The COM objects, YInstStarter.1, and YSearchSetting2, are registered by yinsthelper.dll. A remote attacker can supply a long string to the AppId, DesktopIcon or Test property of the object or to the Start2 or the Set function of the object to cause Yahoo! Messenger to crash. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||
| Vulnerability Consequences: | Denial of Service | ||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Thu Apr 22 2004 - 05:11:37 CDT Yahoo! Messenger 5.6 - Multiple Remote Crashes(yinsthelper.dll) Source: CCN Type: Yahoo! Messenger Web site Yahoo! Messenger Source: CCN Type: BID-10199 Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN yahoo-messenger-yinsthelper-dos(15937) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||