The company gave the bugs its highest security threat rating. "If you're running this, your system could be compromised," said Maiffret. "It allows for remote [code] execution."
"We recently learned of a buffer overflow security issue in an ActiveX control," a Yahoo spokeswoman said in an e-mail to InformationWeek. "This control is part of the code for Web cam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly."
Maiffret was careful not to give out too much information about the flaw until Yahoo can issue a patch for it. However, he would say that for the vulnerability to cause a problem, the user would have take some kind of action.
"This type of flaw is not going to be prevented by antivirus," he added. "There's no real protection for this type of flaw."
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.