Home > Security News > Yahoo fixes messenger flaws
Security News:
EMAIL THIS

Yahoo fixes messenger flaws

By SearchSecurity.com Staff
11 Jun 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

The latest version of Yahoo Messenger fixes serious flaws attackers could exploit to run malicious code on targeted machines. The update comes as security experts track increased instances of exploit code in the wild.

The Bethesda, Md.-based SANS Internet Storm Center (ISC) warned of additional Yahoo exploits on its Web site Sunday. ISC handler Bojan Zdrnja wrote on the site that Yahoo Messenger users should upgrade as soon as possible. "Alternatively," he said, "you can set the kill bits for the affected ActiveX controls."

Yahoo Messenger:
Serious flaws put Yahoo Messenger users in peril: Attackers could exploit two serious flaws in Yahoo Messenger to run malicious code on targeted machines, vulnerability trackers warned Wednesday.

The flaws first came to light last week, when Aliso Viejo, Calif.-based eEye Digital Security released an advisory about "multiple flaws within Yahoo Messenger which allow for remote execution of arbitrary code with minimal user interaction."

Danish vulnerability clearinghouse Secunia took the description a few steps further in its advisory, saying the problems are a boundary error within the Yahoo Webcam Upload (ywcupl.dll) ActiveX control attackers could exploit to cause a stack-based buffer overflow by assigning an overly long string to the "server" property and then calling the "send()" method; and a boundary error within the Yahoo Webcam Viewer (ywcvwr.dll) ActiveX control attackers could exploit to cause a stack-based buffer overflow by assigning an overly long string to the "server" property and then calling the "receive()" method.

The flaws affect version 8.1.0.249, Secunia said. The firm recommended users mitigate the risk by setting the kill bit for the affected ActiveX controls or, better yet, installing the updated version of Yahoo Messenger.



Tags: IM Security Issues, Risks and ToolsVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
IM Security Issues, Risks and Tools
What are effective ways to stop instant messaging (IM) spam?
Secure messaging complications result in limited protection
Is it possible to ban chat programs on an enterprise LAN?
How to lock down instant messaging in the enterprise
AOL closes AIM attack vector, but risks remain
Researcher says AIM still vulnerable, AOL insists it's fixed
Serious security flaw in AOL Instant Messenger
Security flaws found in AOL, Yahoo IM programs
Flaw found in MSN Messenger
AOL, Yahoo, Trillian IM applications under threat

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
greynet  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts