Yahoo fixes Messenger flaw

By SearchSecurity.com Staff 04 Apr 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

According to the French Security Incident Response Team (FrSIRT), the problem is a buffer overflow error in the "AudioConf" ActiveX control (yacscom.dll) that surfaces when overly long arguments are passed along via the "createAndJoinConference()" method. Attackers could exploit this to run arbitrary commands by tricking a user into visiting a specially crafted Web page.

Yahoo Messenger 8 is affected, and users are advised to download the latest version.

Tags: IM Security Issues, Risks and Tools,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IM Security Issues, Risks and Tools What are effective ways to stop instant messaging (IM) spam? Secure messaging complications result in limited protection Is it possible to ban chat programs on an enterprise LAN? How to lock down instant messaging in the enterprise AOL closes AIM attack vector, but risks remain Researcher says AIM still vulnerable, AOL insists it's fixed Serious security flaw in AOL Instant Messenger Security flaws found in AOL, Yahoo IM programs Flaw found in MSN Messenger AOL, Yahoo, Trillian IM applications under threat

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greynet  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary