This Metasploit module exploits a stack overflow in the Yahoo! Messenger ActiveX Control (YVerInfo.dll <= 2006.8.24.1). By sending a overly long string to the "fvCom()" method from a yahoo.com domain, an attacker may be able to execute arbitrary code.
a76b958fa9f3bc0e42dcb4fab126c3f9a6d022bf2e8a2f5a5f673c69ab372031
iDefense Security Advisory 08.30.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Yahoo Inc.'s Yahoo! Messenger 8.1 allows attackers to execute arbitrary code with the privileges of the currently logged in user. iDefense has confirmed the existence of this vulnerability in version 8.1 of Yahoo Instant Messenger. Previous versions are suspected to be vulnerable as well.
85f0ed1aa30224aa168277475b87bf25b92562e627754f083ac6c72aa51e3f32