GCVE - cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*

part: a version: 5.0 update: *

Vendor	Yahoo (`0dc01c4f-a37d-56de-8e72-74e1c6cb3fab`)
Product	Messenger (`a48c261f-e43a-5937-a657-6b9f53c3f699`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-0268`	vulnerable	2026-06-03 14:31:35.177559	Details available Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. Published: 2012-01-19T15:00:00.000Z Updated: 2024-09-17T01:46:26.816Z Open on db.gcve.eu Reference links http://secunia.com/advisories/47041	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0868`	vulnerable	2026-06-03 14:27:58.221770	Details available Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2007-02-09T19:00:00.000Z Updated: 2024-08-07T12:34:21.130Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/22407 http://osvdb.org/34696	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6603`	vulnerable	2026-06-03 14:27:53.680655	Details available Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Published: 2006-12-15T22:00:00.000Z Updated: 2024-08-07T20:33:59.472Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1017387 http://www.securityfocus.com/bid/21607 http://www.kb.cert.org/vuls/id/901852 http://www.vupen.com/english/advisories/2006/5016 http://messenger.yahoo.com/security_update.php?id=120806	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0737`	vulnerable	2026-06-03 14:26:51.400392	Details available Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. Published: 2005-03-13T05:00:00.000Z Updated: 2024-09-17T02:01:33.428Z Open on db.gcve.eu Reference links http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html http://www.securityfocus.com/bid/12750	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2361`	vulnerable	2026-06-03 14:26:23.880212	Details available The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. Published: 2007-10-29T19:00:00.000Z Updated: 2024-09-17T01:20:44.264Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/9984.php http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html http://www.securityfocus.com/bid/5579	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1665`	vulnerable	2026-06-03 14:26:17.214983	Details available Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. Published: 2005-05-28T04:00:00.000Z Updated: 2024-08-08T03:34:55.665Z Open on db.gcve.eu Reference links http://www.cert.org/advisories/CA-2002-16.html http://marc.info/?l=bugtraq&m=101439616623230&w=2 http://www.kb.cert.org/vuls/id/755755	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1664`	vulnerable	2026-06-03 14:26:17.214709	Details available Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information. Published: 2005-05-28T04:00:00.000Z Updated: 2024-08-08T03:34:55.719Z Open on db.gcve.eu Reference links http://www.cert.org/advisories/CA-2002-16.html http://marc.info/?l=bugtraq&m=101439616623230&w=2 http://www.kb.cert.org/vuls/id/393195	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0321`	vulnerable	2026-06-03 14:26:13.972549	Details available Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks. Published: 2002-05-03T04:00:00.000Z Updated: 2024-08-08T02:42:29.169Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/8267.php http://www.cert.org/advisories/CA-2002-16.html http://marc.info/?l=bugtraq&m=101439616623230&w=2 http://www.kb.cert.org/vuls/id/952875 http://www.securityfocus.com/bid/4164	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0320`	vulnerable	2026-06-03 14:26:13.972234	Details available Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field. Published: 2002-05-03T04:00:00.000Z Updated: 2024-08-08T02:42:29.167Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/4162 http://www.kb.cert.org/vuls/id/887319 http://www.cert.org/advisories/CA-2002-16.html http://marc.info/?l=bugtraq&m=101439616623230&w=2 http://www.kb.cert.org/vuls/id/419419	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0032`	vulnerable	2026-06-03 14:26:13.106628	Details available Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T02:35:17.488Z Open on db.gcve.eu Reference links http://www.cert.org/advisories/CA-2002-16.html http://online.securityfocus.com/archive/1/274223 http://www.securityfocus.com/bid/4838 http://www.kb.cert.org/vuls/id/172315 http://www.iss.net/security_center/static/9184.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0031`	vulnerable	2026-06-03 14:26:13.106231	Details available Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. Published: 2002-06-11T04:00:00.000Z Updated: 2024-08-08T02:35:17.601Z Open on db.gcve.eu Reference links http://www.cert.org/advisories/CA-2002-16.html http://www.kb.cert.org/vuls/id/137115 http://online.securityfocus.com/archive/1/274223 http://www.securityfocus.com/bid/4837	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.