VDB
CVE-2007-1680
CVE-2007-1680
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
EPSS 43.32% · 97.6th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
43.32%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| yahoo | messenger | 8.1.0.209, 8.1.0.239, 8.0 |
| n/a | n/a | n/a |
Timeline
- Apr 3, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- yahoo-yahooaudioconf-activex-bo(33408) vdb
- 23291 vdb
- 24742 third-party-advisory
- VU#388377 third-party-advisory
- http://www.zerodayinitiative.com/advisories/ZDI-07-012.html url
- 2523 third-party-advisory
- ADV-2007-1219 vdb
- 34319 vdb
- 1017867 vdb
- http://messenger.yahoo.com/security_update.php?id=031207 url
- 20070403 ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2007-1680 advisory