Yahoo! Messenger CYFT FT60.DLL ActiveX Control GetFile Method Arbitrary File Upload Vulnerability

info
discussion
exploit
solution
references

Yahoo! Messenger CYFT FT60.DLL ActiveX Control GetFile Method Arbitrary File Upload Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.

UPDATE (August 11, 2008): Symantec has detected active exploit attempts in the wild.

The following exploit code is available:

/data/vulnerabilities/exploits/25727.html