In association with heise online

11 June 2007, 09:45

Yahoo patches Messenger

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The vendor has fixed the recently discovered security hole in its Yahoo Messenger software with a new program version. Users of the software are advised to install it as soon as possible. The author of the first two exploits has meanwhile published refined and revised versions, which could be used by script kiddies to put together malicious web pages with only few mouse clicks.

For instance, security holes in the ActiveX modules for webcam support could be exploited by attackers to inject arbitrary code on the systems of affected users through manipulated web pages. The updated program version provided by Yahoo replaces defective ActiveX modules in the ywcupl.dll and ywcvwr.dll files. The fix is included in the libraries of version and above. During the next few weeks, Yahoo will inform users logging into the Yahoo service of the new version and recommend an update.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit