Yahoo! Messenger Security Vulnerabilities
Researchers at eEye Digital Security have been reporting vulnerabilities in Yahoo Messenger that allow hackers to remotely execute code. Version 8.x of the messaging client is at risk.
Given a threat level of “high” by eEye, the flaws were reported to Yahoo on June 5th. There is no evidence yet that these vulnerabilities have been exploited in the wild.
Though eEye was unwilling to supply details about security holes that have yet to be plugged, Denmark-based Secunia has provided more information. According to Secunia, a boundary error within the Yahoo Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Send()” method.
A boundary error associated with the Yahoo Webcam Viewer (ywcvwr.dll) ActiveX control can be used to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Receive()” method.
IM, like the web or email, has become a fully accepted form of communication. As a result, IM has certainly become another threat vector.
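The class of defect Secunia describes, shown as an added C example that is not Yahoo's code: a hypothetical control whose method copies a caller-set "server" value into a fixed stack buffer, next to a version that checks the length first. The struct, function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64  /* assumed size of the method's fixed stack buffer */

/* Hypothetical model: "server" stands in for the script-settable Server property. */
struct cam_ctl { const char *server; };

enum { SEND_OK = 0, SEND_NO_SERVER = -1, SEND_TOO_LONG = -2 };

/* Stand-in for the network code that would consume the host name. */
static int use_host(const char *host) { return host[0] ? SEND_OK : SEND_NO_SERVER; }

/* Length of s, or max if no terminator is found within max bytes. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Defective pattern: the property value is copied into a fixed-size stack
 * buffer with no length check, so a value of HOST_MAX bytes or more is
 * written past host[] and over adjacent stack data. */
int send_unchecked(const struct cam_ctl *c) {
    char host[HOST_MAX];
    strcpy(host, c->server);              /* the boundary error */
    return use_host(host);
}

/* Hardened form: reject a missing or oversized value before any copy. */
int send_checked(const struct cam_ctl *c) {
    char host[HOST_MAX];
    size_t n;
    if (c == NULL || c->server == NULL) return SEND_NO_SERVER;
    n = bounded_len(c->server, HOST_MAX);
    if (n >= HOST_MAX) return SEND_TOO_LONG;  /* no room for the terminator */
    memcpy(host, c->server, n);
    host[n] = '\0';
    return use_host(host);
}

int main(void) {
    char big[300];                        /* constructed oversized value */
    struct cam_ctl c = { big };
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("send_checked on 299-byte value: %d\n", send_checked(&c));
    return 0;
}
```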