This host is installed with Yahoo! Messenger and is prone to integer overflow vulnerability.

Successful exploitation will allow remote attackers to a heap-based buffer overflow via a specially crafted JPG file. Impact Level: Application

Upgrade to Yahoo! Messenger version 11.5.0.155 or later For updates refer to http://messenger.yahoo.com/download/

The flaw is due to an integer overflow error in the 'CYImage::LoadJPG()' method (YImage.dll) when allocating memory using the image dimension values.

Yahoo! Messenger version prior to 11.5.0.155 on Windows.

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0268
• http://secunia.com/advisories/47041

---

Updated on 2015-03-25