In association with heise online

07 June 2007, 11:27

Critical security vulnerabilities in Yahoo Messenger


Yahoo Messenger installs ActiveX modules which provide support functions for webcams. Attackers can provoke buffer overflows in these modules and thereby inject malicious code. An update from Yahoo is not yet available.

The faulty components are the webcam upload ActiveX module ywcupl.dll and the webcam viewer ywcvwr.dll. In the upload module, passing a very long string as the value of the server field when the function send() is called can cause a buffer overflow. The same error exists in the viewer component when the function receive() is called. Exploits for the vulnerabilities are already being circulated on the Internet.

This bug affects the Yahoo Messenger in Version and possibly previous versions. An update is still not available. Users of the software should therefore set kill bits for the CLSIDs {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} and {9D39223E-AE8E-11D4-8FD3-00D0B7730277} to protect themselves from potential attacks. Microsoft explains in a Knowledge Base article how to set kill bits for ActiveX modules.
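The kill-bit workaround described above, as an added example that is not part of the original article or Microsoft's text: it sets the kill-bit value (0x400 in `Compatibility Flags`) for both CLSIDs and reads the result back. It assumes an elevated PowerShell session and the standard Internet Explorer "ActiveX Compatibility" registry location.

```powershell
# Added example: set the Internet Explorer kill bit for the two CLSIDs
# named in the article. Run from an elevated PowerShell prompt.
$KillBit = 0x00000400   # "Compatibility Flags" bit that stops IE from instantiating the control
$Clsids  = @(
    '{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}',
    '{9D39223E-AE8E-11D4-8FD3-00D0B7730277}'
)

# Native registry view, plus the 32-bit view that exists on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        $key = Join-Path $root $clsid

        # Create the per-CLSID key if the control has no compatibility entry yet.
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any flags already present and OR in the kill bit.
        $existing = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $current  = if ($existing) { [int]$existing.'Compatibility Flags' } else { 0 }
        $new      = $current -bor $KillBit

        New-ItemProperty -Path $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null

        # Read the value back and report whether the kill bit is now set.
        $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        $state = if (($check -band $KillBit) -eq $KillBit) { 'kill bit set' } else { 'NOT set' }
        '{0} -> 0x{1:X8} ({2})' -f $key, $check, $state
    }
}
```

The kill bit only stops Internet Explorer from loading the controls; it does not remove or patch the DLLs, so the vendor update should still be installed once it is released.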
