- 28 May 2008Advisories » Yahoo! Assistant "yNotifier.dll" ActiveX Control Remote Memory Corruption Vulnerability
| Release Date: | 09/05/2008 | Severity: | Highly Critical  |
| SecWatch Advisory: | SWID1021139 | Cause: | Not specified |
| Solution Status: | Vendor Patch | Impact: | Execution of arbitrary code |
| Exploit Status: | None Available | Access Vector: | From remote |
| Affected Software: | Yahoo! Assistant 3.x | ||
| Original Advisory: | http://secway.org/advisory/AD20080506EN.txt |
||
| CVE: | CVE-2008-2111 | ||
| Secunia: | SA30115 | ||
| Bugtraq ID: | BID#29065 | ||
Description:
A vulnerability in Yahoo! Assistant has been reported, which can be exploited by remote users to compromise a user's system.
An error exists when instantiating the "yNotifier.dll" ActiveX control, which can be exploited to execute arbitrary code by e.g. tricking a user to visit a malicious website.
Affected:
Yahoo! Assistant version 3.6. Other versions may also be affected.
Solution:
The vulnerability has been reportedly fixed, please contact the vendor for further information.
Credits:
Free Vulnerability Notification Service
Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.