Yahoo! has offered fixes for two security holes in its Yahoo!
Messenger application.
The holes could have allowed an attacker to run code of their
choice or modify content within Yahoo! Messenger on a vulnerable
PC.
The vulnerabilities affect Yahoo! Messenger version 5, 0, 0, 1061
running on Windows 98, 2000 and XP Pro.
The first vulnerability stems from a buffer overflow in the
application that could allow a specially formatted URL (Uniform
Resource Locator) to overrun the memory allocated to a number of
Yahoo! Messenger functions. Depending on the length of the URL,
Yahoo! Messenger can be crashed or can be made to run code on the
target PC.
The second flaw concerns the use of information tabs within Yahoo!
Messenger that give users one-click access to customised
information from within Messenger. A vulnerable version of Yahoo!
Messenger, used in conjunction with Microsoft's Internet Explorer
5.0 or later, can be forced by an attacker using Visual Basic
scripts or Java to create new tabs or to alter the content of
existing tabs.
An attacker could even steal the username and password of the
account being used. The patched version of Yahoo! Messenger, which
closes this hole, does so by removing the tab-adding feature
entirely.
Security vulnerabilities in instant messaging clients are becoming
more prevalent, as a handful of holes in Yahoo! rival America
Online's Instant Messenger application have been found in 2002.
Most recently, AOL closed a hole that could have allowed an
attacker to run the code of their choice on an affected PC.
The patch can be downloaded at
http://download.yahoo.com/dl/installs/ymsgr/ymsgr_1065.exe