Jump to content
zbeng

Yahoo Messenger --* Vulnerable

By zbeng, in Off-topic

Recommended Posts

zbeng Newbie

zbeng

Posted
Posted

A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the YMailAttach ActiveX control when handling the TextETACalculating property. This can be exploited to cause a heap-based buffer overflow by setting an overly long string to the said property.

Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into visiting a malicious web site.

The vulnerability is reported in version 8.0 and 7.5. Other versions may also be affected.

***Discovered by Peter Vreugdenhil and reported via iDefense Labs.

Yahoo! Messenger Unspecified ActiveX Control Buffer Overflow - Advisories - Secunia

http://secunia.com/advisories/23401/

Security Update - Yahoo! Messenger

http://messenger.yahoo.com/security_update.php?id=120806

YEAHBAH!!!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...