• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Yahoo! Messenger YMailAttach ActiveX Control Remote Buffer Overflow Vulnerability

Bugtraq ID:	21607
Class:	Boundary Condition Error
CVE:	CVE-2006-6603
Remote:	Yes
Local:	No
Published:	Dec 15 2006 12:00AM
Updated:	Jan 02 2007 11:11PM
Credit:	Peter Vreugdenhil reported this vulnerability to iDefense Labs.
Vulnerable:	Yahoo! Messenger 8.0 Yahoo! Messenger 7.5 .814 Yahoo! Messenger 7.0 .438 Yahoo! Messenger 6.0 .0.1921 Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home Yahoo! Messenger 8.0.0.863
Not Vulnerable:	Yahoo! Messenger 8.0 2005.1.1.4