
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Yahoo! Messenger - Remote hacker automatic control

Version: At least version 8.1
Technical Details:

Boundary errors in the YVerInfo.dll ActiveX control lead to arbitrary code execution, but exploitation requires some access to a * domain to be functional. Full exploit code has been released publicly on a number of sites.


First reported late last week by iDefense, two vulnerabilities affecting Yahoo! Messenger have been discovered that can allow an attacker to take control of a vulnerable system.

Although the attacker can run code of their choice, the compromise is limited to the privilege level of the current user. Exploit code has since been publicly released for this issue.


Update to the latest version available from Yahoo! Alternatively, it is possible to set the killbit for the YVerInfo.dll ActiveX control in the Registry to gain protection against this issue.
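One way to apply the killbit workaround, as an added example that is not part of the original advisory: the advisory does not give the control's CLSID, so this script looks it up from the COM registration of YVerInfo.dll and then sets the standard Internet Explorer kill bit (`Compatibility Flags` = `0x400`) for each match. The script layout and parameter name are assumptions; save it as a .ps1 file and run it from an elevated prompt, adding `-WhatIf` to preview.

```powershell
# Added example: find the CLSIDs registered for YVerInfo.dll and set the
# Internet Explorer kill bit for each one. Requires administrator rights.
[CmdletBinding(SupportsShouldProcess = $true)]
param([string]$DllName = 'YVerInfo.dll')

$KillBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE
# COM class registrations: native view and 32-bit view on 64-bit Windows.
$classRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID'
)
# Keys where Internet Explorer reads per-control compatibility flags.
$compatRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Collect every CLSID whose in-process server file name matches the DLL.
$clsids = foreach ($root in $classRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $inproc = Join-Path $key.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $inproc)) { continue }
        $server = (Get-Item -LiteralPath $inproc).GetValue('')   # default value
        if (-not $server) { continue }
        if ((Split-Path -Leaf $server.Trim('"')) -eq $DllName) { $key.PSChildName }
    }
}
$clsids = @($clsids | Sort-Object -Unique)
if ($clsids.Count -eq 0) {
    Write-Warning "No COM registration found for $DllName; nothing to do."
    return
}

foreach ($clsid in $clsids) {
    foreach ($root in $compatRoots) {
        # Skip the 32-bit view on systems where it does not exist.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $path = "$root\$clsid"
        if (-not $PSCmdlet.ShouldProcess($path, 'Set kill bit')) { continue }
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        # Preserve any flags already present and OR in the kill bit.
        $old = (Get-ItemProperty -LiteralPath $path).'Compatibility Flags'
        $new = ([int]$old) -bor $KillBit
        Set-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -Value $new -Type DWord
        Write-Output "Kill bit set: $path (flags = 0x$('{0:X}' -f $new))"
    }
}
```

The kill bit only stops Internet Explorer from instantiating the control; updating Yahoo! Messenger remains the fix for the vulnerable DLL itself.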




Multiple Sources

External Tracking Data:

CVE-ID: CVE-2007-4515
