1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA30115

Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution

Report ID: SA30115
Source: Secunia
Date of Discovery: 09.05.2008
Criticality: Urgent
Affects:
Yahoo! Assistant 3.x
Compromise From: From remote
Compromise Type: System access

Summary

Sowhat has reported a vulnerability in Yahoo! Assistant, which can be exploited by malicious people to compromise a user's system.

Detailed Description

The vulnerability is caused due to an error when instantiating the yNotifier.dll ActiveX control and can be exploited to execute arbitrary code when a user is e.g. tricked into visiting a malicious website.

The vulnerability is reported in version 3.6. Other versions may also be affected.

Solution

The vendor has reportedly issued patches.

CVE Reference

CVE-2008-2111