Yahoo.Messenger.Webcam.Upload.Viewer.ActiveX.Buffer.Overflow

Release Date Jun 11, 2007
Severity low
Impact System compromise, remote code execution.
Description The Yahoo! Webcam ActiveX Control has multiple buffer overflow vulnerabilities. A remote attacker could execute arbitrary code on a vulnerable system via a malformed web page.
Affected Products Yahoo! Messenger version 8.1.0.249 and prior.
Recommended Actions Upgrade to the latest version, available from the web site. http://messenger.yahoo.com/download.php
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2007-3147 CVE-2007-3148
Reference/s http://www.securityfocus.com/bid/24341 (BugTraq) http://www.securityfocus.com/bid/24354 (BugTraq) http://www.securityfocus.com/bid/24355 (BugTraq) http://www.frsirt.com/english/advisories/2007/2094 (FrSIRT)

Fortinet