Yahoo fixes Messenger flaw

Attackers could exploit a flaw in Yahoo Messenger to hijack targeted machines, but a fix is available.

Yahoo has has fixed a Yahoo Messenger flaw attackers could exploit to hijack targeted machines.

According to the French Security Incident Response Team (FrSIRT), the problem is a buffer overflow error in the "AudioConf" ActiveX control (yacscom.dll) that surfaces when overly long arguments are passed along via the "createAndJoinConference()" method. Attackers could exploit this to run arbitrary commands by tricking a user into visiting a specially crafted Web page.

Yahoo Messenger 8 is affected, and users are advised to download the latest version.

Dig deeper on Social media security risks and real-time communication security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close