Yahoo! Messenger ActiveX Control Buffer Overflows

Status
Not open for further replies.

muckshifter

Description:
Some vulnerabilities have been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors within the YVerInfo.GetInfo.1 and YVerInfo.GetInfo2.1 ActiveX controls (YVerInfo.dll) when handling the "fvCom()" and "info()" methods. These can be exploited to cause stack-based buffer overflows by passing specially-crafted, overly long arguments to the affected methods.

Successful exploitation allows execution of arbitrary code, but requires that a malicious web page is in a domain that contains a ".yahoo." substring in the subdomain of the TLD (e.g. via a cross-site scripting vulnerability or by manipulating the DNS resolution).
http://secunia.com/advisories/26579/

Solution:
Update to version 8.1.0.419.
http://messenger.yahoo.com/download.php


:user:
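A defender-side triage sketch for the advisory above, added here as an example; it is not code from Secunia, Yahoo! or the original post. It flags captured pages that reference the named controls and weighs them against the client's installed version; the function names, verdict labels, sample hosts and the substring model of the domain condition are assumptions.

```python
import re

# Control names, method names and the fixed version come from the advisory text above.
PROGIDS = ("YVerInfo.GetInfo.1", "YVerInfo.GetInfo2.1")
METHODS = ("fvCom", "info")
FIXED_VERSION = (8, 1, 0, 419)
# Matches calls such as obj.fvCom( or obj.info( ; only consulted once a ProgID is seen.
METHOD_RE = re.compile(r"\.\s*(%s)\s*\(" % "|".join(METHODS))


def parse_version(text):
    """Turn '8.1.0.419' into (8, 1, 0, 419) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(installed):
    return parse_version(installed) >= FIXED_VERSION


def triage(host, body, installed_version):
    """Classify one captured page for a client running installed_version."""
    lowered = body.lower()
    progids = [p for p in PROGIDS if p.lower() in lowered]
    if not progids:
        return {"verdict": "clean", "progids": [], "methods": []}
    methods = sorted({m.group(1) for m in METHOD_RE.finditer(body)})
    # Assumption: the advisory's domain condition is modelled as a plain
    # substring test on the host name; the control's real check may differ.
    domain_ok = ".yahoo." in host.lower()
    if is_patched(installed_version):
        verdict = "informational"
    elif methods and domain_ok:
        verdict = "investigate"
    else:
        verdict = "review"
    return {"verdict": verdict, "progids": progids, "methods": methods}


# Constructed sample data (hosts, versions and markup are made up for this example).
PAGE = '<script>var v = new ActiveXObject("YVerInfo.GetInfo.1"); v.info("a");</script>'
SAMPLES = [
    ("news.example.org", "<p>hello</p>", "8.0.0.1"),
    ("apps.yahoo.example", PAGE, "8.0.0.1"),
    ("apps.yahoo.example", PAGE, "8.1.0.419"),
]

if __name__ == "__main__":
    for host, body, version in SAMPLES:
        print(host, version, triage(host, body, version))
```
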
 