CVE-2005-0243

Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/13712	Patch Vendor Advisory
http://secunia.com/secunia_research/2005-2/advisory/	Patch Vendor Advisory
http://secunia.com/advisories/13712	Patch Vendor Advisory
http://secunia.com/secunia_research/2005-2/advisory/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:yahoo:messenger:5.5:::::::*
	cpe:2.3:a:yahoo:messenger:5.6:::::::*
	cpe:2.3:a:yahoo:messenger:5.6.0.1351:::::::*
	cpe:2.3:a:yahoo:messenger:6.0:::::::*
	cpe:2.3:a:yahoo:messenger:6.0.0.1750:::::::*

History

20 Nov 2024, 23:54

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/13712 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/13712 - Patch, Vendor Advisory
References	~~() http://secunia.com/secunia_research/2005-2/advisory/ - Patch, Vendor Advisory~~	() http://secunia.com/secunia_research/2005-2/advisory/ - Patch, Vendor Advisory

Information

Published : 2005-02-17 05:00

Updated : 2024-11-20 23:54

NVD link : CVE-2005-0243

Mitre link : CVE-2005-0243

CVE.ORG link : CVE-2005-0243

JSON object : View

Products Affected

yahoo

messenger

CWE

NVD-CWE-Other

{"id": "CVE-2005-0243", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-02-17T05:00:00.000", "references": [{"url": "http://secunia.com/advisories/13712", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/secunia_research/2005-2/advisory/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13712", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/secunia_research/2005-2/advisory/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions."}], "lastModified": "2024-11-20T23:54:42.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yahoo:messenger:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "349A209F-6609-4809-B228-E84623FA268D"}, {"criteria": "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92465439-530F-435E-976F-491AD3C56944"}, {"criteria": "cpe:2.3:a:yahoo:messenger:5.6.0.1351:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38232D5E-568C-4CFA-BA01-C35939D68AB2"}, {"criteria": "cpe:2.3:a:yahoo:messenger:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8EE7278-FFAD-489B-BDCC-BF6BA8D5DF0C"}, {"criteria": "cpe:2.3:a:yahoo:messenger:6.0.0.1750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0595ECE8-C876-441F-B90A-FC8D80BA1034"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}