Unsafe ActiveX module in Yahoo Messenger
Yahoo Messenger installs an ActiveX module which can be embedded by Internet Explorer and contains a security vulnerability via which it is possible to inject arbitrary code. Yahoo has released an update to fix the vulnerability.
The security vulnerability, reported by the Zero Day Initiative, affects the Yahoo.AudioConf ActiveX module, which is provided by the yacscom.dll library. If a web page visited by a Yahoo Messenger user loads the module with CLSID 85A4A99C-8C3D-499E-A386-E0743DFF8FB7 and passes very large values for the socksHostname and hostname parameters, a buffer overflow occurs. This can be used to execute injected code.
Yahoo has silently updated the Messenger software to fix the problem. Users who downloaded Yahoo Messenger before 13th March 2007 should update the software sharpish.
- Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow, security advisory from the Zero Day Initiative
- Yahoo! ActiveX Audio Conferencing Update, information on the update from Yahoo