CVE-2002-0032 Information

Description

Yahoo! Messenger 5001064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.

Reference

http://online.securityfocus.com/archive/1/274223 http://www.cert.org/advisories/CA-2002-16.html http://www.iss.net/security_center/static/9184.php http://www.kb.cert.org/vuls/id/172315 http://www.securityfocus.com/bid/4838