Yahoo Widgets is a platform that allows users to run small, Web-based services on computer desktops. According to the Yahoo Web site, the Widget Gallery offers users more than 4,000 desktop Widgets and the program works on both Windows and Mac OS X machines. The security flaw, discovered by vulnerability researcher Parvez Anwar, affects Windows users only and is caused by a boundary error within an ActiveX control that's built into the program.
Attackers can exploit this to cause a stack-based buffer overflow by passing an overly long string (greater than 512 bytes) to the affected method, Danish vulnerability clearinghouse Secunia said in an advisory. Specifically, the firm said, the problem is a boundary error within the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when handling the "GetComponentVersion()" method.
Secunia rated the flaw highly critical because successful attackers can run malicious code on compromised computers. The firm recommended users update to Yahoo Widgets version 4.0.5.
In its security advisory, Yahoo said users running a version of Yahoo! Widgets obtained before July 20, 2007 on a Windows PC need to download the updated version.
Of the potential damage, Yahoo said, "Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their Web page."