CVE-2008-2111

The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secway.org/advisory/AD20080506EN.txt
http://www.securityfocus.com/bid/29065
http://www.securitytracker.com/id?1020004
http://secunia.com/advisories/30115
http://www.vupen.com/english/advisories/2008/1471/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42233

Configurations

Configuration 1 (hide)

cpe:2.3:a:yahoo:yahoo_assistant:*:*:*:*:*:*:*:*

Information

Published : 2008-05-07 16:20

Updated : 2017-08-07 18:30

NVD link : CVE-2008-2111

Mitre link : CVE-2008-2111

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

yahoo

yahoo_assistant

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secway.org/advisory/AD20080506EN.txt", "name": "http://secway.org/advisory/AD20080506EN.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/29065", "name": "29065", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1020004", "name": "1020004", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/30115", "name": "30115", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2008/1471/references", "name": "ADV-2008-1471", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42233", "name": "yahoo-assistant-ynotifier-code-execution(42233)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2111", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-05-07T23:20Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:yahoo:yahoo_assistant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}

9.3 /10