Intrusion Prevention

Yahoo.Messenger.Webcam.Upload.Viewer.ActiveX.Buffer.Overflow

Description

The Yahoo! Webcam ActiveX Control has multiple buffer overflow vulnerabilities. A remote attacker could execute arbitrary code on a vulnerable system via a malformed web page.

Affected Products

Yahoo! Messenger version 8.1.0.249 and prior.

Impact

System compromise, remote code execution.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://messenger.yahoo.com/download.php

CVE References

CVE-2007-3147 CVE-2007-3148