Summary
This host is installed with Yahoo! Messenger and is prone to integer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to a heap-based buffer overflow via a specially crafted JPG file.
Impact Level: Application
Solution
Upgrade to Yahoo! Messenger version 11.5.0.155 or later For updates refer to http://messenger.yahoo.com/download/
Insight
The flaw is due to an integer overflow error in the 'CYImage::LoadJPG()' method (YImage.dll) when allocating memory using the image dimension values.
Affected
Yahoo! Messenger version prior to 11.5.0.155 on Windows.
References
Severity
Classification
-
CVE CVE-2012-0268 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities