GCVE - cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*

part: a version: 5.5 update: *

Vendor	Yahoo (`0dc01c4f-a37d-56de-8e72-74e1c6cb3fab`)
Product	Messenger (`a48c261f-e43a-5937-a657-6b9f53c3f699`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-0268`	vulnerable	2026-06-03 14:31:35.179545	Details available Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. Published: 2012-01-19T15:00:00.000Z Updated: 2024-09-17T01:46:26.816Z Open on db.gcve.eu Reference links http://secunia.com/advisories/47041	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0868`	vulnerable	2026-06-03 14:27:58.223679	Details available Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2007-02-09T19:00:00.000Z Updated: 2024-08-07T12:34:21.130Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/22407 http://osvdb.org/34696	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6603`	vulnerable	2026-06-03 14:27:53.681406	Details available Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Published: 2006-12-15T22:00:00.000Z Updated: 2024-08-07T20:33:59.472Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1017387 http://www.securityfocus.com/bid/21607 http://www.kb.cert.org/vuls/id/901852 http://www.vupen.com/english/advisories/2006/5016 http://messenger.yahoo.com/security_update.php?id=120806	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1671`	vulnerable	2026-06-03 14:26:59.912513	Details available The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. Published: 2005-05-19T04:00:00.000Z Updated: 2024-08-07T21:59:23.523Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=111643475210982&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1618`	vulnerable	2026-06-03 14:26:59.762073	Details available The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server. Published: 2005-05-16T04:00:00.000Z Updated: 2024-08-07T21:59:23.506Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=111601904204055&w=2 http://www.securityfocus.com/bid/13626 http://www.osvdb.org/16816	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0737`	vulnerable	2026-06-03 14:26:51.401953	Details available Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. Published: 2005-03-13T05:00:00.000Z Updated: 2024-09-17T02:01:33.428Z Open on db.gcve.eu Reference links http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html http://www.securityfocus.com/bid/12750	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0243`	vulnerable	2026-06-03 14:26:49.878903	Details available Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions. Published: 2005-02-18T05:00:00.000Z Updated: 2024-08-07T21:05:25.023Z Open on db.gcve.eu Reference links http://secunia.com/advisories/13712 http://secunia.com/secunia_research/2005-2/advisory/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0242`	vulnerable	2026-06-03 14:26:49.876346	Details available The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. Published: 2005-02-18T05:00:00.000Z Updated: 2024-08-07T21:05:25.268Z Open on db.gcve.eu Reference links http://secunia.com/advisories/11815 http://secunia.com/secunia_research/2004-6/advisory/ http://messenger.yahoo.com/security/update6.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2361`	vulnerable	2026-06-03 14:26:23.880731	Details available The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. Published: 2007-10-29T19:00:00.000Z Updated: 2024-09-17T01:20:44.264Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/9984.php http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html http://www.securityfocus.com/bid/5579	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.