CVE-2012-0268
Last modified
CVE-2012-0268 is a vulnerability of currently unknown severity. Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.. EPSS estimates a 1.73% chance of exploitation in the next 30 days.
Description
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Yahoo | Messenger | <= 11.5.0.152 | — |
| Yahoo | Messenger | 0.99.17-1 | — |
| Yahoo | Messenger | 1.0 | — |
| Yahoo | Messenger | 1.0.4 | — |
| Yahoo | Messenger | 1.0.6 | — |
| Yahoo | Messenger | 2.0.1.4 | — |
| Yahoo | Messenger | 3.0 | — |
| Yahoo | Messenger | 3.0.1 | — |
| Yahoo | Messenger | 3.5 | — |
| Yahoo | Messenger | 4.0 | — |
| Yahoo | Messenger | 4.1 | — |
| Yahoo | Messenger | 5.0 | — |
| Yahoo | Messenger | 5.0.1046 | — |
| Yahoo | Messenger | 5.0.1065 | — |
| Yahoo | Messenger | 5.0.1232 | — |
| Yahoo | Messenger | 5.5 | — |
| Yahoo | Messenger | 5.5.1249 | — |
| Yahoo | Messenger | 5.6 | — |
| Yahoo | Messenger | 5.6.0.1347 | — |
| Yahoo | Messenger | 5.6.0.1351 | — |
| Yahoo | Messenger | 5.6.0.1355 | — |
| Yahoo | Messenger | 5.6.0.1356 | — |
| Yahoo | Messenger | 5.6.0.1358 | — |
| Yahoo | Messenger | 6.0 | — |
| Yahoo | Messenger | 6.0.0.1643 | — |
| Yahoo | Messenger | 6.0.0.1750 | — |
| Yahoo | Messenger | 6.0.0.1921 | — |
| Yahoo | Messenger | 6.1 | — |
| Yahoo | Messenger | 7.0 | — |
| Yahoo | Messenger | 7.0.0.426 | — |
| Yahoo | Messenger | 7.0.0.437 | — |
| Yahoo | Messenger | 7.0.438 | — |
| Yahoo | Messenger | 7.5 | — |
| Yahoo | Messenger | 7.5.0.814 | — |
| Yahoo | Messenger | 8.0 | — |
| Yahoo | Messenger | 8.0.0.505 | — |
| Yahoo | Messenger | 8.0.0.508 | — |
| Yahoo | Messenger | 8.0.0.701 | — |
| Yahoo | Messenger | 8.0.0.716 | — |
| Yahoo | Messenger | 8.0.0.863 | — |
| Yahoo | Messenger | 8.0.1 | — |
| Yahoo | Messenger | 8.0_2005.1.1.4 | — |
| Yahoo | Messenger | 8.1 | — |
| Yahoo | Messenger | 8.1.0.195 | — |
| Yahoo | Messenger | 8.1.0.209 | — |
| Yahoo | Messenger | 8.1.0.239 | — |
| Yahoo | Messenger | 8.1.0.244 | — |
| Yahoo | Messenger | 8.1.0.249 | — |
| Yahoo | Messenger | 8.1.0.401 | — |
| Yahoo | Messenger | 8.1.0.402 | — |
Showing 50 of 82 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/47041Vendor Advisory
- http://secunia.com/advisories/47041Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-0268?
How severe is CVE-2012-0268?
How do I fix CVE-2012-0268?
Are you affected by CVE-2012-0268?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST