Yahoo! Assistant ActiveX code execution exploit
Shanghai-based security researcher Sowhat (Feng Xue) reports on his Secway.org web site of a vulnerability in the Yahoo! Assistant ActiveX control, primarily used in China. The hole can be exploited to execute arbitrary code via a malicious web page.
Memory corruption occurs when the ActiveX control is instantiated. As a result a virtual function call points to invalid data. This bug can be exploited by heap spraying. A detailed breakdown and proof of concept are provided in the advisory. Sowhat recommends setting the kill bit for the control, although a patch was apparently made available on 23 March.
See also
- Yahoo! Assistant (3721) ActiveX Remote Code Execution Vulnerability, advisory from Sowhat
(mba)