Yahoo! Messenger 'YahooBridgeLib.dll' ActiveX Control DOS Vulnerability Network Vulnerability

Summary

This host is installed with Yahoo! Messenger and is prone to Denial of Service Vulnerability.

Impact

Successful exploitation will allow remote attackers to cause Denial of Service condition on the affected applicaion. Impact Level: Application

Solution

Upgrade to Yahoo! Messenger version 10.0.0.1270 or later For updates refer to http://messenger.yahoo.com/download/

Insight

The flaw is due to a NULL pointer dereference error in 'RegisterMe()' method in 'YahooBridgeLib.dll', which can be exploited by causing victim to visit a specially crafted Web page.

Affected

Yahoo! Messenger version 9.x to 9.0.0.2162 on Windows.

References

http://www.securityfocus.com/archive/1/archive/1/507818/100/0/threaded
http://xforce.iss.net/xforce/xfdb/54263

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4171
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ddrLPD Remote Denial of Service Vulnerability
Cherokee POST request DoS
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
ArGoSoft FTP Server XCWD Overflow
Apple iTunes Multiple Vulnerabilities

Take action and discover your vulnerabilities