CVE-2002-2361

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yahoo:messenger:4.0:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:5.0:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*

History

20 Nov 2024, 23:43

Type Values Removed Values Added
References () http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html - () http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html -
References () http://www.iss.net/security_center/static/9984.php - () http://www.iss.net/security_center/static/9984.php -
References () http://www.securityfocus.com/bid/5579 - () http://www.securityfocus.com/bid/5579 -

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:43


NVD link : CVE-2002-2361

Mitre link : CVE-2002-2361

CVE.ORG link : CVE-2002-2361


JSON object : View

Products Affected

yahoo

  • messenger
CWE
CWE-264

Permissions, Privileges, and Access Controls