CVE-2002-2361 Information

Description

The installer in Yahoo! Messenger 4.0 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html http://www.iss.net/security_center/static/9984.php http://www.securityfocus.com/bid/5579