Yahoo patches Messenger ActiveX control flaws

By on
Yahoo patches Messenger ActiveX control flaws

Yahoo patched two vulnerabilities in Messenger's ActiveX control, which were disclosed by a hacker offering proof-of-concept exploit code earlier this week.

The Sunnyvale, Calif.-based web giant encouraged Messenger users to download version 8.1.0.410 from its website.

"The Yahoo Messenger team recently learned of a buffer overflow security issue in ActiveX control. Upon learning of this issue, we began working toward a resolution and implemented a fix to Yahoo Messenger’s software download," read a statement released today by Yahoo spokesman Terrell Karlsten. "We are encouraging all Yahoo Messenger users to download the latest version available at messenger.yahoo.com."

Users will be prompted to download a new version of Messenger in the coming weeks, according to the statement.

According to an advisory released Thursday, Yahoo was made aware of the flaw by eEye Digital Security.

A hacker using the handle "Danny" released two zero-day ActiveX exploits for Yahoo Messenger’s Webcam application on the Full Disclosure mailing list on Thursday.

Secunia ranked the flaws as "highly critical" and FrSIRTassigned them a "high" risk ranking.

One flaw is a boundary error within the Yahoo Webcam Upload ActiveX control, which can be exploited to cause a stack-based buffer overflow, according to a Security advisory updated today.

The other vulnerability exists within the Yahoo Webcam Viewer ActiveX control and can also be exploited for a stack-based buffer overflow attack, according to Secunia.

Don Montgomery, vice president of marketing at Akonix, told SCMagazine.com that better email security solutions and the convergence of networks are two reasons hackers are turning their attention to IM

"They are turning to this pathway because it’s still open to them. Obviously, email is still a big spam target, but not as big of a target for viruses," he said.
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?