Yahoo! Messenger YVerInfo.DLL ActiveX Control Multiple Buffer Overflow Weaknesses

Yahoo! Messenger YVerInfo.DLL ActiveX Control Multiple Buffer Overflow Weaknesses

Yahoo! Messenger is prone to multiple buffer-overflow weaknesses because it fails to bounds-check user-supplied data before copying it into insufficiently sized buffers.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts likely result in denial-of-service conditions.

These issues affect Yahoo! Messenger 8.1; other versions may also be affected.