CVE-2008-2111

The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/30115
http://secway.org/advisory/AD20080506EN.txt
http://www.securityfocus.com/bid/29065
http://www.securitytracker.com/id?1020004
http://www.vupen.com/english/advisories/2008/1471/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42233

Configurations

Configuration 1 (hide)

cpe:2.3:a:yahoo:yahoo_assistant:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-05-07 23:20

Updated : 2017-08-08 01:30

NVD link : CVE-2008-2111

Mitre link : CVE-2008-2111

CVE.ORG link : CVE-2008-2111

JSON object : View

Products Affected

yahoo

yahoo_assistant

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2008-2111", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-05-07T23:20:00.000", "references": [{"url": "http://secunia.com/advisories/30115", "source": "cve@mitre.org"}, {"url": "http://secway.org/advisory/AD20080506EN.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29065", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020004", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1471/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42233", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption."}, {"lang": "es", "value": "El control ActiveX (yNotifier.dll) de Yahoo! Assistant versi\u00f3n 3.6 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de vectores no especificados en el objeto Ynoifier COM que provoca una corrupci\u00f3n de memoria."}], "lastModified": "2017-08-08T01:30:46.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yahoo:yahoo_assistant:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9FF9C09-6914-4C03-A9A3-59DCB58F3347", "versionEndIncluding": "3.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.3 /10