Yahoo Fixes Messenger Flaw Yahoo Fixes Messenger Flaw

CrowdStrike Aftermath: Lessons Learned for Future Recovery CrowdStrike Aftermath: Lessons Learned for Future Recovery

byJoao-Pierre S. Ruth

Jul 24, 2024

6 Min Read

Instructor talking to adult student at computer training center.

How to Build an Effective IT Mentoring Program How to Build an Effective IT Mentoring Program

byJohn Edwards

Jul 24, 2024

4 Min Read

Resilience

Recent in Resilience

See All Resilience

dark red poly spider over binary code background - stylized hacker attack in matrix style - blue digits and translucent red on black background

Scattered Spider Suspect Nabbed for MGM Ransomware Attack Scattered Spider Suspect Nabbed for MGM Ransomware Attack

Security Incident text formed with real authentic typeset letters on vintage textured silver grunge copper and gold background

Jul 25, 2024

5 Min Read

Inside the 2023 Sumo Logic Security Intrusion and Response Inside the 2023 Sumo Logic Security Intrusion and Response

logo of OpenAI is seen displayed on a mobile phone screen with the Google logo in the background

Jul 25, 2024

10 Min Read

ML & AI

Recent in ML & AI

See All ML & AI

Machine Learning & AI

OpenAI’s SearchGPT Takes Aim at Google’s Search Engine Dominance OpenAI’s SearchGPT Takes Aim at Google’s Search Engine Dominance

byShane Snider

Jul 26, 2024

3 Min Read

business person holding a tablet with a playbook

Machine Learning & AI

An IT Leaders’ Playbook for Creating an Effective AI Policy An IT Leaders’ Playbook for Creating an Effective AI Policy

byJay Pasteris

Jul 24, 2024

4 Min Read

Data

Recent in Data

See All Data Mgmt

Cyber spying with eye symbol project creating. Abstract concept of surveillance, cyber spying, hacking and violation of privacy

Data Management

Google No Longer Has a Chief Privacy Officer. Should You Follow Suit?Google No Longer Has a Chief Privacy Officer. Should You Follow Suit?

Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.

Jul 26, 2024

5 Min Read

Data Management

How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?

Corporate businessman, financial chart, plants and newspaper in a briefcase: green business and sustainability concept

Jul 22, 2024

11 Min Read

Sustainability

Recent in Sustainability

See All Sustainability

CIO Compensation May Soon Be Tied to Green Data Centers CIO Compensation May Soon Be Tied to Green Data Centers

byMary E. Shacklett

Jul 3, 2024

6 Min Read

ESG Concept. Nature Meet Technology. Green Leaf hologram in circuit 3D Rendering

Sustainability

How to Build Sustainable Software How to Build Sustainable Software

byJohn Edwards

Jul 3, 2024

5 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

dictionary page with definition of a consultant

IT Infrastructure

How to Know When It's Time to Bring in a Network Consultant How to Know When It's Time to Bring in a Network Consultant

byJohn Edwards

Jul 26, 2024

1 Min Read

Cloud security concept with 3d rendering security cameras with circuit cloud.

Cloud Computing

Discover Why Cloud-Native Security is Crucial to Enhancing Your Cloud Security Discover Why Cloud-Native Security is Crucial to Enhancing Your Cloud Security

byBrandon Taylor

Jul 26, 2024

5 Min View

Software

Recent in Software

See All Software

DevOps - development cycles of Automation and monitoring at all steps of software construction

Software & Services

The State of DevOps in the Enterprise The State of DevOps in the Enterprise

byMary E. Shacklett

Jul 23, 2024

5 Min Read

3D Illustration of a Humanoid Robot commonly called Android AI Digital Coding Encryption Decryption

Is GenAI an Existential Risk to Low Code/No Code?Is GenAI an Existential Risk to Low Code/No Code?

InformationWeek Resource Library

Jul 16, 2024

4 Min Read

Newsletters
Reports/Research
Online Events
Live Events
Podcasts

White Papers
Advertise With Us
About Us
IT Sectors

Software & Services

Yahoo Fixes Messenger Flaw

The bug is caused by a flawed Yahoo Messenger ActiveX control that could be used by attackers to crash a chat session, bring down the Internet Explorer browser, or execute malicious code on a victimized PC.

Gregg Keizer, Contributor

December 15, 2006

1 Min Read

Yahoo has patched a critical vulnerability in its Windows instant messaging client and has recommended that all users download and install an updated edition.

The bug, characterized as highly critical by Danish vulnerability tracker Secunia, is caused by a flawed Yahoo Messenger ActiveX control that could be used by attackers to crash a chat session, bring down the Internet Explorer browser, or execute malicious code on a victimized PC.

Yahoo downplayed the threat. "These impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their Web page," the portal and search company said in an online alert. "To our knowledge, there have been no known executable code exploits related to this issue."

All users who downloaded Yahoo Messenger prior to Nov. 2 should install the v. 8.1 update, Yahoo said. Affected users will be prompted to upgrade when they next log into Messenger.

About the Author(s)

Gregg Keizer

Contributor

See more from Gregg Keizer

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

SIGN-UP

Editor's Choice

Bald eagles, eagle in flight.

9 Ways CISOs Can Stay Ahead of Bad Actors 9 Ways CISOs Can Stay Ahead of Bad Actors

Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.

Jul 24, 2024

9 Slides

Data Management

How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?

CrowdStrike Holdings, Inc. logo is displayed on a smartphone screen.

Jul 22, 2024

11 Min Read

CrowdStrike Aftermath: Lessons Learned for Future Recovery CrowdStrike Aftermath: Lessons Learned for Future Recovery

byJoao-Pierre S. Ruth

Jul 24, 2024

6 Min Read

Calculator displaying the text "SALARY" on top of $100 bills.

2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI 2024 InformationWeek US IT Salary Report

byInformationWeek Staff

Jun 4, 2024

1 Min Read

Digital Security and Threat of a System

11 Ways Cybersecurity Threats are Evolving 11 Ways Cybersecurity Threats are Evolving