Critical security vulnerabilities in Yahoo Messenger
Yahoo Messenger installs ActiveX controls that provide support functions for webcams. Attackers can trigger buffer overflows in these controls and thereby execute malicious code on the victim's system, for example from a web page that instantiates the control. An update from Yahoo is not yet available.
The faulty components are the webcam upload ActiveX control ywcupl.dll and the webcam viewer control ywcvwr.dll. In the upload control, passing an overly long string as the value of the server property and then calling send() causes a buffer overflow. The same error exists in the viewer control when receive() is called. Exploits for both vulnerabilities are already circulating on the Internet.
The bug affects Yahoo Messenger version 8.1.0.249 and possibly earlier versions. Since no update is available yet, users of the software should set the kill bit for the CLSIDs {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} and {9D39223E-AE8E-11D4-8FD3-00D0B7730277} to protect themselves from attacks. Microsoft explains in a Knowledge Base article how to set the kill bit for an ActiveX control. Note that the kill bit only prevents Internet Explorer from instantiating the controls; it does not remove them from the system or fix the overflow itself.
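The kill-bit mitigation from the paragraph above as a worked example. The following PowerShell script is an added example and is not part of the original article, nor code from Yahoo or Microsoft. It assumes the standard kill-bit mechanism from Microsoft's Knowledge Base article: the 0x400 flag in the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}. The Wow6432Node handling assumes a 64-bit Windows, where the 32-bit Internet Explorer reads the redirected registry view. The function names Set-KillBit and Test-KillBit are the example's own.

```powershell
# Added example (not from the original article, Yahoo or Microsoft): sets the
# ActiveX kill bit for the two vulnerable Yahoo webcam controls.
# Assumption: the kill bit is the 0x400 flag in the "Compatibility Flags" DWORD
# under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID},
# as documented in Microsoft's kill-bit Knowledge Base article. Run as Administrator.

$Clsids = @(
    '{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}',  # ywcupl.dll, webcam upload
    '{9D39223E-AE8E-11D4-8FD3-00D0B7730277}'   # ywcvwr.dll, webcam viewer
)
$KillBit = 0x400

# On 64-bit Windows the 32-bit Internet Explorer reads the Wow6432Node view, so
# the kill bit is written to both views where the redirected hive exists.
$BasePaths = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $BasePaths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into any flags already present instead of overwriting them.
    $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    $flags = if ($null -eq $prop) { 0 } else { [int]$prop.'Compatibility Flags' }
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($flags -bor $KillBit) -Type DWord
}

function Test-KillBit {
    # Returns $true only if the 0x400 bit is present in Compatibility Flags.
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $false }
    return (([int]$prop.'Compatibility Flags' -band $KillBit) -eq $KillBit)
}

foreach ($base in $BasePaths) {
    foreach ($clsid in $Clsids) {
        Set-KillBit -Base $base -Clsid $clsid
        $state = if (Test-KillBit -Base $base -Clsid $clsid) { 'kill bit set' } else { 'FAILED' }
        Write-Output ("{0}  {1}  {2}" -f $state, $clsid, $base)
    }
}
```

The script reads back each value after writing it, so a missing administrator token or a policy that blocks the key shows up as FAILED rather than silently leaving the control loadable. The kill bit stops Internet Explorer (and other hosts that honour it) from instantiating the controls; Yahoo Messenger's own use of the DLLs is unaffected, and the overflow remains until Yahoo ships a fixed version.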
- 2nd Yahoo 0day ActiveX Exploit, security report on Full Disclosure
(mba)