Serious flaws put Yahoo Messenger users in peril

Attackers could exploit two serious flaws in Yahoo Messenger to run malicious code on targeted machines, vulnerability trackers warned Wednesday.

Attackers could exploit two serious flaws in Yahoo Messenger to run malicious code on targeted machines, multiple security firms have warned.

eEye Digital Security said in an advisory that "multiple flaws exist within Yahoo Messenger which allow for remote execution of arbitrary code with minimal user interaction."

Yahoo Messenger flaws:
April: Yahoo fixes Messenger flaw: Attackers could exploit a flaw in Yahoo Messenger to hijack targeted machines, but a fix is available.

Companies take IM threats seriously: Wesabe is a brand new money management community, whose members share tips on everything from saving on organic produce to knocking down credit card debts. It is also among the companies saying it now takes threats to IM as seriously. 

Danish vulnerability clearinghouse Secunia took the description a few steps further in its advisory, saying the problems are a boundary error within the Yahoo Webcam Upload (ywcupl.dll) ActiveX control attackers could exploit to cause a stack-based buffer overflow by assigning an overly long string to the "server" property and then calling the "send()" method; and a boundary error within the Yahoo Webcam Viewer (ywcvwr.dll) ActiveX control attackers could exploit to cause a stack-based buffer overflow by assigning an overly long string to the "server" property and then calling the "receive()" method.

The flaws affect version 8.1.0.249, Secunia said. The firm recommended users mitigate the risk by setting the kill bit for the affected ActiveX controls.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close