Attackers could exploit two serious flaws in Yahoo Messenger to run malicious code on targeted machines, multiple...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
security firms warned Wednesday.
Aliso Viejo, Calif.-based eEye Digital Security said in an advisory that "multiple flaws exist within Yahoo Messenger which allow for remote execution of arbitrary code with minimal user interaction."
Danish vulnerability clearinghouse Secunia took the description a few steps further in its advisory, saying the problems are a boundary error within the Yahoo Webcam Upload (ywcupl.dll) ActiveX control attackers could exploit to cause a stack-based buffer overflow by assigning an overly long string to the "server" property and then calling the "send()" method; and a boundary error within the Yahoo Webcam Viewer (ywcvwr.dll) ActiveX control attackers could exploit to cause a stack-based buffer overflow by assigning an overly long string to the "server" property and then calling the "receive()" method.
The flaws affect version 18.104.22.168, Secunia said. The firm recommended users mitigate the risk by setting the kill bit for the affected ActiveX controls.