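##############################################################################
#
#  Yahoo! Messenger Arbitrary Browser Navigation Vulnerability
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/07/31
#
#  $Revision: 1.1 $
#
#  $Log: os2a_yahoomsg_browser_navigation_606028.nasl,v $
#  Revision 1.1  2006/08/02 08:40:13  shraddha
#  To Production Issue #2838
#
#
#  Revision 1.1  2006/07/31 09:07:54  nashwini
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################

# Plugin summary
# --------------
# Version-only check for Yahoo! Messenger builds in the range the advisory
# text below lists (7.x up to 7.5.0.814, BID 19211). The script does not talk
# to the client; it reads the "Yahoo/Messenger/Version" KB item that the
# os2a_yahoomsg_version_600289.nasl dependency is expected to populate, so the
# result is only as accurate as that stored version string.

# Registration branch: declares metadata, dependencies and required KB keys,
# then exits without running the check.
if(description)
{
  script_id(606028);
  script_bugtraq_id(19211);
  script_copyright(english:"Copyright (C) 2006 OS2A");
  script_version("$Revision: 1.1 $");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Yahoo! Messenger Arbitrary Browser Navigation Vulnerability");
  script_summary(english:"Check for vulnerable version of Yahoo! Messenger");
  desc["english"] = " Overview : This host has Yahoo! Messenger installed which is prone to browser navigation vulnerability. This issue is due to the failure of the application to sanitize malicious messages which may permit a remote attacker to open a browser window on the victim user's computer to an arbitrary page. Impact : Successful exploitation can allow attackers to open a malicious web browser and load an arbitrary web page. Scope of impact is restricted to application/system level. Affected Software : Yahoo! 
Messenger versions 7.x upto 7.5.0.814. Affected Platform : Windows (any). Solution : No vendor supplied patch/update available as on 31 July 2006. Information regarding this issue will be updated once the solution details are available. http://messenger.yahoo.com/ References : http://www.securityfocus.com/bid/19211/discuss CVSS Score : CVSS Base Score : 4.2 (AV:R/AC:L/Au:R/C:P/I:P/A:P/B:N) CVSS Temporal Score : 3.8 Risk factor : Medium";
  script_description(english:desc["english"]);
  script_dependencies("smb_hotfixes.nasl", "os2a_yahoomsg_version_600289.nasl");
  script_require_keys("SMB/WindowsVersion", "Yahoo/Messenger/Version");
  exit(0);
}

# Only Windows hosts are in scope (the advisory lists Windows as the platform).
if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

# Nothing to evaluate when the version plugin stored no value.
version = get_kb_item("Yahoo/Messenger/Version");
if(!version){
  exit(0);
}

# Split "major.minor.patch.build" into components.
yahooVer = split(version, sep:'.', keep:FALSE);

# The ordered comparisons must be numeric. Compared as strings, "99" <= "814"
# is false (a vulnerable 7.5.0.99 would be missed) and "1000" <= "814" is true
# (a later build would be reported). Components are therefore checked to be
# plain digits and converted with int() before any <= test.
if(max_index(yahooVer) < 2 || yahooVer[0] != "7" || yahooVer[1] !~ "^[0-9]+$"){
  exit(0);
}

minor = int(yahooVer[1]);

# 7.0 through 7.4: every build falls inside the affected range.
if(minor <= 4){
  security_warning(0);
  exit(0);
}

# 7.5.0.x: affected up to and including build 814. All four components must be
# present; a truncated version string such as "7.5" is not reported, which
# matches how the original string comparison treated a missing component.
if(minor == 5 && max_index(yahooVer) >= 4 && yahooVer[2] == "0" &&
   yahooVer[3] =~ "^[0-9]+$" && int(yahooVer[3]) <= 814){
  security_warning(0);
}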