Vulnerabilities > CVE-2005-0243 - Unspecified vulnerability in Yahoo Messenger

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

yahoo

NVD

Published: 2005-02-17

Updated: 2008-09-05

Summary

Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.

Vulnerable Configurations

Part	Description	Count
Application	Yahoo Yahoo Messenger 5.5 Yahoo Messenger 5.6 Yahoo Messenger 5.6.0.1351 Yahoo Messenger 6.0 Yahoo Messenger 6.0.0.1750	5

References

http://secunia.com/advisories/13712
http://secunia.com/secunia_research/2005-2/advisory/