http://secunia.com/advisories/26579/
Description:
Some vulnerabilities have been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by boundary errors within the YVerInfo.GetInfo.1 and YVerInfo.GetInfo2.1 ActiveX controls (YVerInfo.dll) when handling the "fvCom()" and "info()" methods. These can be exploited to cause stack-based buffer overflows by passing specially-crafted, overly long arguments to the affected methods.
Successful exploitation allows execution of arbitrary code, but requires that a malicious web page is in a domain that contains a ".yahoo." substring in the subdomain of the TLD (e.g. via a cross-site scripting vulnerability or by manipulating the DNS resolution).
Solution:
Update to version 8.1.0.419.
http://messenger.yahoo.com/download.php