New ActiveX Flaws Hit Yahoo Messenger
This week didn't start too well for Yahoo: two new flaw have been found within the company's Messenger. As usual, successful exploitation will will render the user's system more or less useless.
September 3, 2007
According to Secunia, the new flaws “are caused due to boundary errors within the YVerInfo.dll ActiveX control and can be exploited to cause stack-based buffer overflows via the "fvCom()" and "info()" methods.”In the end, the hacker gets to run any code he chooses on the victim's computer.
However, there's a catch. In order to get the user infected, the hacker must first draw him on an especially-crafted web page in the yahoo.com domain, using means like cross-site scripting vulnerability or by manipulating the DNS resolution.
Random thought: a new wave of “Breaking News” or “Naked pictures of – insert any good-looking star -” was just waiting to happen.
The new threat has been marked “moderately critical” by Secunia.
The only way to elude the danger is to upgrade. According to reports, the flaw affects all versions of Yahoo! Messenger 8.x, except version 18.104.22.1689, which was released last week. The unaffected version can be downloaded from here
Yahoo's previous chapter in the Messenger security issues saga featured the 8.0 and 8.1 Windows versions of the software. The flaw allowed a heap overflow to be triggered when the victim accepted a webcam invite.