iTWire - Yahoo patches Messenger vulnerabilities

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Yahoo patches Messenger vulnerabilities

Yahoo patches Messenger vulnerabilities

E-mail

by Stan Beer
Saturday, 09 June 2007
Yahoo has issued fixes for a critical bug in its Yahoo Messenger IM client which if exploited could hand control of a user's computer to a remote attacker. Featured Whitepaper 5 Best Practices for Smartphone Support The bug in the ActiveX controls of the webcam feature of Yahoo Messenger 8.x enabled buffer overflows to occur when using a webcam to view or stream images. This in turn created conditions for a remote attack to occur if a user visited a maicious website that exploited the flaw. Yahoo Messenger has an estimated user base of about 100 million and is interoperable with Microsoft Live Messenger. Security firm, eEye Digital Security, which reported the bug to Yahoo on June 5, stated in an advisory: "eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x. Ywcupl.dll is Yahoo's Webcam Upload ActiveX Control used by Yahoo! Messenger to stream content from a user's webcam to other users. Ywcvwr.dll is Yahoo! Messenger's Webcam Viewer ActiveX Control used to view any streamed content. These files are normally used only when viewing or streaming webcam content to and from Yahoo Messenger, but they are incorrectly marked safe for scripting and can be instantiated by any website. Furthermore they both fail to perform bounds checking on variables resulting in 2 stack-based buffer overflow conditions that could allow arbitrary code to execute in the context of the logged-in user." Yahoo issued a patch for the bug on June 8.{moscomment} Tags See All Tags Instant messaging Internet Security Stan Beer Yahoo! Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Thunderhead Appoints Phil Walker as Managing Director of Asia Pacific and Europe

Heathrow Airport Terminal 5 Live with Progress Software

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

...Promote your press-releases here

Latest jobs

Applications Project Manager (.Net) (Q2)
SharePoint Migration Specialist (Q2)
Multiple Project Managers ? Generalist Skills (Q2)
SharePoint Migration Specialist (Q2)
Project Administrator
Midrange Team Leader
Solution Architect
Project Administrator
Midrange Team Leader
Solution Architect

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking