Unrated severityNVD Advisory· Published Jul 27, 2007· Updated Apr 23, 2026

CVE-2007-4034

Description

Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.

Affected products

Yahoo/Widgets
cpe:2.3:a:yahoo:widgets:*:*:*:*:*:*:*:*
Range: <=4.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

help.yahoo.com/l/us/yahoo/widgets/security/security-08.htmlnvdPatchVendor Advisory
secunia.com/advisories/26011nvdPatchVendor Advisory
www.securityfocus.com/bid/25086nvdExploitPatch
www.kb.cert.org/vuls/id/120760nvdUS Government Resource
osvdb.org/37705nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/2679nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000