GCVE - cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*

part: a version: 4.0 update: *

Vendor	Yahoo (`0dc01c4f-a37d-56de-8e72-74e1c6cb3fab`)
Product	Messenger (`a48c261f-e43a-5937-a657-6b9f53c3f699`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-0268`	vulnerable	2026-06-03 14:31:35.176452	Details available Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. Published: 2012-01-19T15:00:00.000Z Updated: 2024-09-17T01:46:26.816Z Open on db.gcve.eu Reference links http://secunia.com/advisories/47041	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0868`	vulnerable	2026-06-03 14:27:58.221727	Details available Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2007-02-09T19:00:00.000Z Updated: 2024-08-07T12:34:21.130Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/22407 http://osvdb.org/34696	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0737`	vulnerable	2026-06-03 14:26:51.399793	Details available Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. Published: 2005-03-13T05:00:00.000Z Updated: 2024-09-17T02:01:33.428Z Open on db.gcve.eu Reference links http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html http://www.securityfocus.com/bid/12750	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2361`	vulnerable	2026-06-03 14:26:23.879646	Details available The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. Published: 2007-10-29T19:00:00.000Z Updated: 2024-09-17T01:20:44.264Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/9984.php http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html http://www.securityfocus.com/bid/5579	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0322`	vulnerable	2026-06-03 14:26:13.974027	Details available Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing. Published: 2002-05-03T04:00:00.000Z Updated: 2024-08-08T02:42:29.243Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=101466489113920&w=2 http://www.securityfocus.com/bid/4173 http://marc.info/?l=bugtraq&m=101467298107635&w=2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.