Name:
Yahoo.Widgets.YDP.ActiveX.Control.Command.Executio
Released Date:
Jul 31 2007
Severity:
critical
CVE:
2007-4034

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates a vulnerability in Yahoo! Widgets. The vulnerability is caused by a stack based buffer overflow in the "GetComponentVersion()" method within the YDPCTL.dll ActiveX control. It allows remote attackers to cause a denial of service via a crafted web page.
 
Impact
Denial of service.
 
Affected Products
Yahoo! Widgets versions prior to 4.0.5
Aliases
Yahoo.Widgets.YDP.ActiveX.Control.Command.Execution
-Tag.Yahoo.Widgets.YDP.ActiveX.Control.Command.Execution.B
-Tag.Yahoo.Widgets.YDP.ActiveX.Control.Command.Execution
References
http://www.frsirt.com/english/advisories/2007/2679
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4034
http://help.yahoo.com/l/us/yahoo/widgets/security/security-08.html#
http://secunia.com/advisories/26011/
http://milw0rm.com/exploits/4250
Recommended Actions
Currently we are not aware of any official fix for this issue.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED