GCVE - cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Yahoo (`0dc01c4f-a37d-56de-8e72-74e1c6cb3fab`)
Product	Messenger (`a48c261f-e43a-5937-a657-6b9f53c3f699`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-54330`	vulnerable	2026-06-03 14:53:46.369260	Inbit Messenger 4.9.0 - Unauthenticated Remote SEH Overflow CRITICAL (9.8) Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems. Published: 2026-01-13T22:52:05.767Z Updated: 2026-03-05T01:29:41.232Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/51126 https://web.archive.org/web/20200122082432/https://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md https://www.vulncheck.com/advisories/inbit-messenger-unauthenticated-remote-seh-overflow	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-54329`	vulnerable	2026-06-03 14:53:46.368812	Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE) CRITICAL (9.8) Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges. Published: 2026-01-13T22:52:05.350Z Updated: 2026-03-05T01:29:40.439Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/51127 https://web.archive.org/web/20200122082432/https://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md https://www.vulncheck.com/advisories/inbit-messenger-unauthenticated-remote-command-execution-rce	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7216`	vulnerable	2026-06-03 14:34:15.279587	Details available Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. Published: 2015-09-11T20:00:00.000Z Updated: 2024-08-06T12:40:19.202Z Open on db.gcve.eu Reference links https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/ https://hackerone.com/reports/10767 http://www.securityfocus.com/archive/1/536390/100/0/threaded http://www.securitytracker.com/id/1033544 http://seclists.org/fulldisclosure/2015/Sep/24	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0268`	vulnerable	2026-06-03 14:31:35.171222	Details available Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. Published: 2012-01-19T15:00:00.000Z Updated: 2024-09-17T01:46:26.816Z Open on db.gcve.eu Reference links http://secunia.com/advisories/47041	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4515`	vulnerable	2026-06-03 14:28:18.621859	Details available Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information. Published: 2007-08-31T22:00:00.000Z Updated: 2024-08-07T15:01:09.859Z Open on db.gcve.eu Reference links http://osvdb.org/37739 http://secunia.com/advisories/26579 https://exchange.xforce.ibmcloud.com/vulnerabilities/36363 http://messenger.yahoo.com/security_update.php?id=082907 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0768`	vulnerable	2026-06-03 14:27:57.901798	Details available Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Published: 2007-02-06T02:00:00.000Z Updated: 2024-08-07T12:34:19.794Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/22269 http://www.securityfocus.com/archive/1/458225/100/0/threaded http://www.securityfocus.com/archive/1/458305/100/0/threaded http://secunia.com/advisories/23928 http://osvdb.org/31674	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6603`	vulnerable	2026-06-03 14:27:53.679943	Details available Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Published: 2006-12-15T22:00:00.000Z Updated: 2024-08-07T20:33:59.472Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1017387 http://www.securityfocus.com/bid/21607 http://www.kb.cert.org/vuls/id/901852 http://www.vupen.com/english/advisories/2006/5016 http://messenger.yahoo.com/security_update.php?id=120806	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4975`	vulnerable	2026-06-03 14:27:44.591306	Details available Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. Published: 2006-09-25T01:00:00.000Z Updated: 2024-08-07T19:32:22.820Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/1626 http://www.securityfocus.com/archive/1/446414/100/0/threaded http://advisories.echo.or.id/adv/adv47-theday-2006.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-0043`	vulnerable	2026-06-03 14:26:33.919046	Details available Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. Published: 2004-01-14T05:00:00.000Z Updated: 2024-08-08T00:01:23.619Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=107357996802255&w=2 http://secunia.com/advisories/10573 http://www.securitytracker.com/id?1008651 http://www.securityfocus.com/bid/9383 http://www.osvdb.org/3437	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.