Yahoo: >> Messenger >> 11.0.0.2014 Security Vulnerabilities
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
CVSS Score
9.3
EPSS Score
0.056
Published
2015-09-11
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
CVSS Score
5.1
EPSS Score
0.016
Published
2012-01-19
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
CVSS Score
2.6
EPSS Score
0.003
Published
2006-09-25