Vulnerability Name:

CVE-2008-2111 (CCN-42233)

Assigned: 2008-05-06
Published: 2008-05-06
Updated: 2017-08-08
Summary: The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynotifier COM object that trigger memory corruption.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: Full-Disclosure Mailing List, Tue May 06 2008 - 07:59:20 CDT
Yahoo! Assistant (3721) ActiveX Remote Code Execution Vulnerability

Source: CCN
Type: Yahoo! Assistant Web site
Yahoo! Assistant

Source: MITRE
Type: CNA
CVE-2008-2111

Source: CCN
Type: SA30115
Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution

Source: SECUNIA
Type: UNKNOWN
30115

Source: CCN
Type: SECTRACK ID: 1020004
Yahoo! Assistant 'ynotifier.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code

Source: MISC
Type: UNKNOWN
http://secway.org/advisory/AD20080506EN.txt

Source: CCN
Type: OSVDB ID: 44852
Yahoo! Assistant ActiveX (yNotifier.dll) Ynotifier COM Object Arbitrary Code Execution

Source: BID
Type: UNKNOWN
29065

Source: CCN
Type: BID-29065
Yahoo! Assistant 'yNotifier.dll' ActiveX Control Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020004

Source: VUPEN
Type: UNKNOWN
ADV-2008-1471

Source: XF
Type: UNKNOWN
yahoo-assistant-ynotifier-code-execution(42233)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:yahoo:yahoo_assistant:*:*:*:*:*:*:*:* (Version <= 3.6)

  • * Denotes that component is vulnerable
    yahoo yahoo assistant *