Yahoo! Messenger ActiveX Control Buffer Overflows

Status
Not open for further replies.

muckshifter

Description:
Some vulnerabilities have been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors within the YVerInfo.GetInfo.1 and YVerInfo.GetInfo2.1 ActiveX controls (YVerInfo.dll) when handling the "fvCom()" and "info()" methods. These can be exploited to cause stack-based buffer overflows by passing specially-crafted, overly long arguments to the affected methods.

Successful exploitation allows execution of arbitrary code, but requires that a malicious web page is in a domain that contains a ".yahoo." substring in the subdomain of the TLD (e.g. via a cross-site scripting vulnerability or by manipulating the DNS resolution).
http://secunia.com/advisories/26579/

Solution:
Update to version 8.1.0.419.
http://messenger.yahoo.com/download.php
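
Added example, not part of the original post or the Secunia advisory: a site-lock check that only looks for the ".yahoo." substring, as the exploitation condition above is worded, next to a strict label-boundary suffix match. The function names, the allowed domain "yahoo.com" and the sample hosts are assumptions constructed for illustration; the page does not show how the control itself performs the check.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Loose check modelled on the advisory's wording (assumption): any host
 * that contains ".yahoo." anywhere is treated as a trusted caller. */
static int loose_site_lock(const char *host)
{
    return strstr(host, ".yahoo.") != NULL;
}

/* Strict check: the host must equal the allowed domain, or end with
 * "." followed by the allowed domain. Host names compare case-insensitively. */
static int strict_site_lock(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);

    if (hl > 0 && host[hl - 1] == '.')      /* ignore a trailing root dot */
        hl--;
    if (hl < dl)
        return 0;
    if (strncasecmp(host + hl - dl, domain, dl) != 0)
        return 0;
    /* exact match, or the match starts on a label boundary */
    return hl == dl || host[hl - dl - 1] == '.';
}

int main(void)
{
    /* Constructed sample hosts; example.net is a reserved documentation domain. */
    const char *hosts[] = {
        "messenger.yahoo.com",
        "yahoo.com",
        "MESSENGER.YAHOO.COM.",
        "login.yahoo.example.net",
        "notyahoo.com",
    };
    size_t i;

    printf("%-26s %-6s %s\n", "host", "loose", "strict");
    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-26s %-6d %d\n", hosts[i],
               loose_site_lock(hosts[i]),
               strict_site_lock(hosts[i], "yahoo.com"));
    return 0;
}
```

A strict check narrows which pages may script the control; it does not remove the boundary errors, which is why the update is still the fix.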

