YMSG: Spoofed Filename
This signature detects files with long and obfuscate names sent through Yahoo Instant Messenger. Attackers can hide the file type from the user, making it difficult to determine whether the file is safe to open.
Extended Description
A remote download dialogue box spoofing vulnerability affects Yahoo! Messenger. This issue is due to a design error that facilitates the spoofing of file names. An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences. It should be noted that although only Yahoo! Messenger version 6.0.0.1750 is reportedly affected; earlier versions may be affected as well.
Affected Products
Yahoo! messenger
Short Name
CHAT:YIM:OVERFLOW:SPOOFED-NAME
Severity
Minor
Recommended
False
Recommended Action
None
Category
CHAT
Keywords
CVE-2005-0243 Filename Spoofed bid:12587
Release Date
04/21/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Yahoo!
CVSS Score
5.0