CVE-2014-7216
NONE EPSS 93.2%
Published Sep 11, 201510y ago · Modified Jun 17, 20262w ago
Published Sep 11, 2015 10y ago
Last Modified Jun 17, 2026 2w ago
Description
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
Threat Intelligence
EPSS Exploit Probability
93.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| yahoo | messenger | * | ≤11.5.0.228 |
References 6
- packetstormsecurity.com http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html
- seclists.org http://seclists.org/fulldisclosure/2015/Sep/24
- securityfocus.com http://www.securityfocus.com/archive/1/536390/100/0/threaded
- securitytracker.com http://www.securitytracker.com/id/1033544
- hackerone.com https://hackerone.com/reports/10767
- rcesecurity.com https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.