Yahoo!.Messenger.CYFT.Object.Arbitrary.File.Download
Description
This indicates an attempt to exploit an arbitrary file download vulnerability in Yahoo! Messenger.
The vulnerability is caused by Yahoo! Messenger's failure to check the parameters passed to the "GetFile()" method within the FT60.DLL ActiveX control. It allows remote attackers to download arbitrary files via a crafted web page.
Affected Products
Yahoo! Messenger 8.1.0.421
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-11-04 | 16.956 | Name:Yahoo. Messenger. CYFT. Object. Arbitrary. File. Download:Yahoo!. Messenger. CYFT. Object. Arbitrary. File. Download |