CVE-2012-0268: Buffer Overflow
First published: Thu Jan 19 2012(Updated: )
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yahoo Messenger | <=11.5.0.152 | |
| Yahoo Messenger | =0.99.17-1 | |
| Yahoo Messenger | =1.0 | |
| Yahoo Messenger | =1.0.4 | |
| Yahoo Messenger | =1.0.6 | |
| Yahoo Messenger | =2.0.1.4 | |
| Yahoo Messenger | =3.0 | |
| Yahoo Messenger | =3.0.1 | |
| Yahoo Messenger | =3.0.1-beta-35554 | |
| Yahoo Messenger | =3.5 | |
| Yahoo Messenger | =4.0 | |
| Yahoo Messenger | =4.1 | |
| Yahoo Messenger | =5.0 | |
| Yahoo Messenger | =5.0.1046 | |
| Yahoo Messenger | =5.0.1065 | |
| Yahoo Messenger | =5.0.1232 | |
| Yahoo Messenger | =5.5 | |
| Yahoo Messenger | =5.5.1249 | |
| Yahoo Messenger | =5.6 | |
| Yahoo Messenger | =5.6.0.1347 | |
| Yahoo Messenger | =5.6.0.1351 | |
| Yahoo Messenger | =5.6.0.1355 | |
| Yahoo Messenger | =5.6.0.1356 | |
| Yahoo Messenger | =5.6.0.1358 | |
| Yahoo Messenger | =6.0 | |
| Yahoo Messenger | =6.0.0.1643 | |
| Yahoo Messenger | =6.0.0.1750 | |
| Yahoo Messenger | =6.0.0.1921 | |
| Yahoo Messenger | =6.1 | |
| Yahoo Messenger | =7.0 | |
| Yahoo Messenger | =7.0.0.426 | |
| Yahoo Messenger | =7.0.0.437 | |
| Yahoo Messenger | =7.0.438 | |
| Yahoo Messenger | =7.5 | |
| Yahoo Messenger | =7.5.0.814 | |
| Yahoo Messenger | =8.0 | |
| Yahoo Messenger | =8.0.0.505 | |
| Yahoo Messenger | =8.0.0.508 | |
| Yahoo Messenger | =8.0.0.701 | |
| Yahoo Messenger | =8.0.0.716 | |
| Yahoo Messenger | =8.0.0.863 | |
| Yahoo Messenger | =8.0.1 | |
| Yahoo Messenger | =8.0_2005.1.1.4 | |
| Yahoo Messenger | =8.1 | |
| Yahoo Messenger | =8.1.0.195 | |
| Yahoo Messenger | =8.1.0.209 | |
| Yahoo Messenger | =8.1.0.239 | |
| Yahoo Messenger | =8.1.0.244 | |
| Yahoo Messenger | =8.1.0.249 | |
| Yahoo Messenger | =8.1.0.401 | |
| Yahoo Messenger | =8.1.0.402 | |
| Yahoo Messenger | =8.1.0.413 | |
| Yahoo Messenger | =8.1.0.416 | |
| Yahoo Messenger | =8.1.0.419 | |
| Yahoo Messenger | =8.1.0.421 | |
| Yahoo Messenger | =9.0.0.797-beta | |
| Yahoo Messenger | =9.0.0.907-beta | |
| Yahoo Messenger | =9.0.0.922-beta | |
| Yahoo Messenger | =9.0.0.1389-beta | |
| Yahoo Messenger | =9.0.0.1912 | |
| Yahoo Messenger | =9.0.0.2018 | |
| Yahoo Messenger | =9.0.0.2034 | |
| Yahoo Messenger | =9.0.0.2112 | |
| Yahoo Messenger | =9.0.0.2123 | |
| Yahoo Messenger | =9.0.0.2128 | |
| Yahoo Messenger | =9.0.0.2133 | |
| Yahoo Messenger | =9.0.0.2136 | |
| Yahoo Messenger | =9.0.0.2152 | |
| Yahoo Messenger | =9.0.0.2160 | |
| Yahoo Messenger | =9.0.0.2161 | |
| Yahoo Messenger | =9.0.0.2162 | |
| Yahoo Messenger | =10.0.0.331-pre-alpha | |
| Yahoo Messenger | =10.0.0.525-beta | |
| Yahoo Messenger | =10.0.0.542-beta | |
| Yahoo Messenger | =10.0.0.1102 | |
| Yahoo Messenger | =10.0.0.1241 | |
| Yahoo Messenger | =10.0.0.1258 | |
| Yahoo Messenger | =10.0.0.1264 | |
| Yahoo Messenger | =10.0.0.1267 | |
| Yahoo Messenger | =10.0.0.1270 | |
| Yahoo Messenger | =11.0.0.1751 | |
| Yahoo Messenger | =11.0.0.2009 | |
| Yahoo Messenger | =11.0.0.2014 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0268?
CVE-2012-0268 is considered a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2012-0268?
To fix CVE-2012-0268, update Yahoo Messenger to version 11.5.0.155 or later where the vulnerability has been patched.
Which versions of Yahoo Messenger are affected by CVE-2012-0268?
CVE-2012-0268 affects Yahoo Messenger versions prior to 11.5.0.155.
What type of vulnerability is CVE-2012-0268?
CVE-2012-0268 is an integer overflow vulnerability leading to a heap-based buffer overflow.
Can CVE-2012-0268 be exploited through image files?
Yes, CVE-2012-0268 can be exploited by sending a specially crafted JPG image to a vulnerable version of Yahoo Messenger.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/yahoo
- canonical/yahoo messenger
- version/yahoo messenger/11.5.0.152
- version/yahoo messenger/0.99.17-1
- version/yahoo messenger/1.0
- version/yahoo messenger/1.0.4
- version/yahoo messenger/1.0.6
- version/yahoo messenger/2.0.1.4
- version/yahoo messenger/3.0
- version/yahoo messenger/3.0.1
- version/yahoo messenger/3.0.1-beta-35554
- version/yahoo messenger/3.5
- version/yahoo messenger/4.0
- version/yahoo messenger/4.1
- version/yahoo messenger/5.0
- version/yahoo messenger/5.0.1046
- version/yahoo messenger/5.0.1065
- version/yahoo messenger/5.0.1232
- version/yahoo messenger/5.5
- version/yahoo messenger/5.5.1249
- version/yahoo messenger/5.6
- version/yahoo messenger/5.6.0.1347
- version/yahoo messenger/5.6.0.1351
- version/yahoo messenger/5.6.0.1355
- version/yahoo messenger/5.6.0.1356
- version/yahoo messenger/5.6.0.1358
- version/yahoo messenger/6.0
- version/yahoo messenger/6.0.0.1643
- version/yahoo messenger/6.0.0.1750
- version/yahoo messenger/6.0.0.1921
- version/yahoo messenger/6.1
- version/yahoo messenger/7.0
- version/yahoo messenger/7.0.0.426
- version/yahoo messenger/7.0.0.437
- version/yahoo messenger/7.0.438
- version/yahoo messenger/7.5
- version/yahoo messenger/7.5.0.814
- version/yahoo messenger/8.0
- version/yahoo messenger/8.0.0.505
- version/yahoo messenger/8.0.0.508
- version/yahoo messenger/8.0.0.701
- version/yahoo messenger/8.0.0.716
- version/yahoo messenger/8.0.0.863
- version/yahoo messenger/8.0.1
- version/yahoo messenger/8.0_2005.1.1.4
- version/yahoo messenger/8.1
- version/yahoo messenger/8.1.0.195
- version/yahoo messenger/8.1.0.209
- version/yahoo messenger/8.1.0.239
- version/yahoo messenger/8.1.0.244
- version/yahoo messenger/8.1.0.249
- version/yahoo messenger/8.1.0.401
- version/yahoo messenger/8.1.0.402
- version/yahoo messenger/8.1.0.413
- version/yahoo messenger/8.1.0.416
- version/yahoo messenger/8.1.0.419
- version/yahoo messenger/8.1.0.421
- version/yahoo messenger/9.0.0.797-beta
- version/yahoo messenger/9.0.0.907-beta
- version/yahoo messenger/9.0.0.922-beta
- version/yahoo messenger/9.0.0.1389-beta
- version/yahoo messenger/9.0.0.1912
- version/yahoo messenger/9.0.0.2018
- version/yahoo messenger/9.0.0.2034
- version/yahoo messenger/9.0.0.2112
- version/yahoo messenger/9.0.0.2123
- version/yahoo messenger/9.0.0.2128
- version/yahoo messenger/9.0.0.2133
- version/yahoo messenger/9.0.0.2136
- version/yahoo messenger/9.0.0.2152
- version/yahoo messenger/9.0.0.2160
- version/yahoo messenger/9.0.0.2161
- version/yahoo messenger/9.0.0.2162
- version/yahoo messenger/10.0.0.331-pre-alpha
- version/yahoo messenger/10.0.0.525-beta
- version/yahoo messenger/10.0.0.542-beta
- version/yahoo messenger/10.0.0.1102
- version/yahoo messenger/10.0.0.1241
- version/yahoo messenger/10.0.0.1258
- version/yahoo messenger/10.0.0.1264
- version/yahoo messenger/10.0.0.1267
- version/yahoo messenger/10.0.0.1270
- version/yahoo messenger/11.0.0.1751
- version/yahoo messenger/11.0.0.2009
- version/yahoo messenger/11.0.0.2014