Yahoo Issues Yahoo Messenger Security Fix - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
8/31/2007
01:30 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Yahoo Issues Yahoo Messenger Security Fix

The patch addresses a buffer overflow vulnerability in an ActiveX control that could allow attackers to execute arbitrary code.

Yahoo has issued a patch for its instant messaging client, Yahoo Messenger.

The patch issued Wednesday addresses a buffer overflow vulnerability in an ActiveX control. Users who installed Yahoo Messenger before August 29, 2007 should install the update.

Microsoft's ActiveX controls can interact with the full Windows operating system, unlike Java applets. This gives them a lot of power and also makes them potentially risky.

iDefense Labs identified the Messenger vulnerability. "Exploitation allows attackers to execute arbitrary code with the privileges of the currently logged in user," the company reported on its Web site. "Users would be required to have a vulnerable version of the target software installed and be lured to a malicious site."

Yahoo said that it was unaware of any attempts to exploit the vulnerability. "Some impacts of a buffer overflow might include involuntary log out of a Yahoo Chat and/or Yahoo Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code," the company said. "In this case, these problems could only happen if an attacker successfully lured the Yahoo Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker's Web page. To our knowledge, there have been no known malicious executable code exploits related to this issue."

Yahoo issued another security patch for Yahoo Messenger on Aug. 21. That patch addressed two security issues with the way the software's Webcam functions work: susceptibility to a denial-of-service attack following a malicious Webcam invitation and a buffer overflow that could lead to the introduction of executable code by an attacker.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll