Unrated severityNVD Advisory· Published Apr 6, 2007· Updated Apr 23, 2026

CVE-2007-1680

Description

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.

Affected products

Yahoo/Messenger5 versions
cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:yahoo:messenger:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.0.0.863:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.0_2005.1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.1.0.209:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:messenger:8.1.0.239:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

messenger.yahoo.com/security_update.phpnvdPatch
secunia.com/advisories/24742nvdPatchVendor Advisory
www.securityfocus.com/bid/23291nvdPatchVendor Advisory
www.zerodayinitiative.com/advisories/ZDI-07-012.htmlnvdPatchVendor Advisory
www.kb.cert.org/vuls/id/388377nvdUS Government Resource
osvdb.org/34319nvd
securityreason.com/securityalert/2523nvd
www.securityfocus.com/archive/1/464607/100/0/threadednvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1219nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33408nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.035
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000