Yahoo! Messenger Audio Conferencing ActiveX Control Remote Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Yahoo! Messenger Audio Conferencing ActiveX Control Remote Buffer Overflow Vulnerability

The Audio Conferencing ActiveX control shipped with Yahoo! Messenger is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

Yahoo! Messenger versions released prior to March 13, 2007 are vulnerable to this issue.