zbeng Posted March 16, 2007 Report Share Posted March 16, 2007 A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.The vulnerability is caused due to an error in the YMailAttach ActiveX control when handling the TextETACalculating property. This can be exploited to cause a heap-based buffer overflow by setting an overly long string to the said property.Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into visiting a malicious web site.The vulnerability is reported in version 8.0 and 7.5. Other versions may also be affected.***Discovered by Peter Vreugdenhil and reported via iDefense Labs.Yahoo! Messenger Unspecified ActiveX Control Buffer Overflow - Advisories - Secuniahttp://secunia.com/advisories/23401/Security Update - Yahoo! Messengerhttp://messenger.yahoo.com/security_update.php?id=120806YEAHBAH!!! Quote Link to comment Share on other sites More sharing options...