7 lines
No EOL
664 B
Text
7 lines
No EOL
664 B
Text
source: Yahoo! Messenger File Transfer Buffer Overrun Vulnerability
|
|
|
|
Yahoo! Messenger is prone to a remotely exploitable buffer overrun vulnerability. An attacker may trigger this condition by initiating a malformed 'sendfile' request, which the victim user must then accept. This will reportedly result in an access violation error, which is likely due to memory corruption.
|
|
|
|
An attacker may theoretically exploit this condition to execute arbitrary code on a client system. This condition can be exploited via a malicious 'sendfile' link.
|
|
|
|
YMSGR:sendfile?[victim_yahooID]+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&c%c:\[somefile] |