Written on June 11, 2007 by RP Mickler

In the current version, attackers can use malicious code to harm target machines with minimal user interaction. It is recommended that anyone running Yahoo! Instant Messenger upgrade to the latest version to defend against this vulnerability. All computers running old versions of Yahoo! Instant Messenger should also update to the latest version.
The problem concerns the Yahoo Webcam Upload ActiveX control (ywcupl.dll), which attackers could use to cause a stack-based buffer overflow by assigning a long string to the “server” property and then calling the “send()” or “receive()” method. Upgrading the product will replace the vulnerable .dll file.