Vulnerabilities > Yahoo > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-2253 | Untrusted Search Path vulnerability in Yahoo Toolbar Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
2015-09-11 | CVE-2014-7216 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yahoo Messenger Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. | 9.3 |
2008-05-07 | CVE-2008-2111 | Resource Management Errors vulnerability in Yahoo Assistant The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. | 9.3 |
2007-08-31 | CVE-2007-4515 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. | 9.3 |
2007-08-17 | CVE-2007-4391 | Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.413 Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted. | 9.3 |
2007-07-27 | CVE-2007-4034 | Buffer Errors vulnerability in Yahoo Widgets 4.0.5 Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. | 9.3 |
2007-06-11 | CVE-2007-3147 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. | 9.3 |
2007-06-11 | CVE-2007-3148 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. | 9.3 |
2007-04-06 | CVE-2007-1680 | Remote Buffer Overflow vulnerability in Yahoo! Messenger Audio Conferencing ActiveX Control Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. | 9.3 |
2006-12-15 | CVE-2006-6603 | Remote Buffer Overflow vulnerability in Yahoo! Messenger YMailAttach ActiveX Control Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |