Attackers could exploit a Yahoo Widgets flaw to run malicious code on compromised Windows machines, but Yahoo has released a security update to fix it.

Yahoo Widgets is a platform that allows users to run small, Web-based services on computer desktops. According to the Yahoo Web site, the Widget Gallery offers users more than 4,000 desktop Widgets and the program works on both Windows and Mac OS X machines.

The security flaw, discovered by vulnerability researcher Parvez Anwar, affects Windows users only and is caused by a boundary error within an ActiveX control that's built into the program. Attackers can exploit this to cause a stack-based buffer overflow by passing an overly long string (greater than 512 bytes) to the affected method, Danish vulnerability clearinghouse Secunia said in an advisory. Specifically, the firm said, the problem is a boundary error within the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when handling the "GetComponentVersion()" method.

Secunia rated the flaw highly critical because successful attackers can run malicious code on compromised computers. The firm recommended users update to Yahoo Widgets version 4.0.5.

In its security advisory, Yahoo said users running a version of Yahoo! Widgets obtained before July 20, 2007 on a Windows PC need to download the updated version.

Of the potential damage, Yahoo said, "Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their Web page."
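The boundary error described above, as an added illustration that is not the YDPCTL.dll code (the real control's source is not on the page): a hypothetical C method handler with a 512-byte stack buffer, shown in its unchecked form beside a hardened form that rejects over-long input before copying. The function names, the use of the 512-byte figure as the buffer size, and the ":1.0" output format are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the vulnerability class in the article:
 * a 512-byte stack buffer inside an ActiveX method handler that copies a
 * caller-supplied string without checking its length. Not the real
 * YDPCTL.dll code. */
#define VERSION_BUF_SIZE 512

/* Vulnerable pattern: no bounds check, so an argument longer than
 * VERSION_BUF_SIZE - 1 bytes overruns the stack frame (the "boundary
 * error"). Kept here to show the defect; only ever call it with input
 * that fits. */
int get_component_version_vulnerable(const char *component, char *out, size_t out_len)
{
    char name[VERSION_BUF_SIZE];
    strcpy(name, component);            /* unbounded copy into a fixed buffer */
    snprintf(out, out_len, "%s:1.0", name);
    return 0;
}

/* Hardened pattern: measure the argument with an upper bound and refuse
 * anything that would not fit before a single byte is copied.
 * Returns 0 on success, -1 on bad arguments, -2 if the input is too long. */
int get_component_version_safe(const char *component, char *out, size_t out_len)
{
    char name[VERSION_BUF_SIZE];
    size_t n = 0;

    if (component == NULL || out == NULL || out_len == 0)
        return -1;
    /* Bounded scan: stops at VERSION_BUF_SIZE so the check itself never
     * reads further than the handler is willing to accept. */
    while (n < VERSION_BUF_SIZE && component[n] != '\0')
        n++;
    if (n >= VERSION_BUF_SIZE)
        return -2;                      /* would overflow name[]: reject */
    memcpy(name, component, n);
    name[n] = '\0';
    snprintf(out, out_len, "%s:1.0", name);
    return 0;
}

/* Demo helper: build a constructed argument of a given length. */
static void fill_arg(char *buf, size_t len, char c)
{
    memset(buf, c, len);
    buf[len] = '\0';
}

int main(void)
{
    char out[600];
    char arg[1024];

    fill_arg(arg, 10, 'A');
    printf("10-byte arg, safe handler -> %d (%s)\n",
           get_component_version_safe(arg, out, sizeof out), out);

    fill_arg(arg, 600, 'A');            /* constructed: longer than 512 bytes */
    printf("600-byte arg, safe handler -> %d (rejected)\n",
           get_component_version_safe(arg, out, sizeof out));
    return 0;
}
```

The hardened handler fails closed: the length check happens before the copy, and the scan itself is bounded so a string with no terminator within 512 bytes cannot make the check read out of range either.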