VDB
CVE-2007-4391
CVE-2007-4391
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
EPSS 16.07% · 94.9th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
16.07%
94.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| yahoo | messenger | 8.1.0.413 |
Timeline
- Aug 17, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 8, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- ADV-2007-2917 vdb
- yahoo-messenger-webcam-bo(36115) vdb
- VU#515968 third-party-advisory
- http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/ url
- http://www.team509.com/expyahoo.rar url
- 26501 third-party-advisory
- 25330 vdb
- 38221 vdb
- 1018586 vdb
- https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=64639&page=1#entry321749 url
- https://nvd.nist.gov/vuln/detail/CVE-2007-4391 advisory
- http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day url