Yahoo Issues Yahoo Messenger Security Fix - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
8/31/2007
01:30 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Yahoo Issues Yahoo Messenger Security Fix

The patch addresses a buffer overflow vulnerability in an ActiveX control that could allow attackers to execute arbitrary code.

Yahoo has issued a patch for its instant messaging client, Yahoo Messenger.

The patch issued Wednesday addresses a buffer overflow vulnerability in an ActiveX control. Users who installed Yahoo Messenger before August 29, 2007 should install the update.

Microsoft's ActiveX controls can interact with the full Windows operating system, unlike Java applets. This gives them a lot of power and also makes them potentially risky.

iDefense Labs identified the Messenger vulnerability. "Exploitation allows attackers to execute arbitrary code with the privileges of the currently logged in user," the company reported on its Web site. "Users would be required to have a vulnerable version of the target software installed and be lured to a malicious site."

Yahoo said that it was unaware of any attempts to exploit the vulnerability. "Some impacts of a buffer overflow might include involuntary log out of a Yahoo Chat and/or Yahoo Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code," the company said. "In this case, these problems could only happen if an attacker successfully lured the Yahoo Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker's Web page. To our knowledge, there have been no known malicious executable code exploits related to this issue."

Yahoo issued another security patch for Yahoo Messenger on Aug. 21. That patch addressed two security issues with the way the software's Webcam functions work: susceptibility to a denial-of-service attack following a malicious Webcam invitation and a buffer overflow that could lead to the introduction of executable code by an attacker.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll