Description
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
CVSS Metrics
- Vector
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- network
- Access Cmplx
- medium
- Auth
- none
- Confidentiality
- complete
- Integrity
- complete
- Availability
- complete
- Weaknesses
- CWE-399
Metadata
- Primary Vendor
- YAHOO
- Published
- 5/7/2008
- Last Modified
- 4/9/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
yahoo : yahoo_assistant
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.