Unrated severityNVD Advisory· Published Sep 11, 2015· Updated May 6, 2026

CVE-2014-7216

Description

Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.

Affected products

Yahoo/Messenger
cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*
Range: <=11.5.0.228

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/nvdExploit
packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.htmlnvd
seclists.org/fulldisclosure/2015/Sep/24nvd
www.securityfocus.com/archive/1/536390/100/0/threadednvd
www.securitytracker.com/id/1033544nvd
hackerone.com/reports/10767nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000