Zero-day vulnerability in Yahoo Messenger
A security vulnerability in Yahoo Messenger allows attackers to inject malicious code into a user's computer. The zero-day vulnerability, reported in McAfee's security blog, can be exploited by attackers using specially crafted invitations to webcam sessions.
According to McAfee, the vulnerability stems from a heap-based buffer overflow and affects Version 220.127.116.113 of the Yahoo Messenger. The company gives no further details. The antivirus vendor has informed Yahoo about the vulnerability. Until an updated version of the Messenger is released, McAfee recommends rejecting webcam invitations from unknown senders. They also advise that, until the update is available, administrators should block outgoing traffic on the firewall to TCP port 5100, the port through which the Messenger conducts webcam sessions.
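
One way to apply the recommended port block on a Linux gateway or workstation with nftables, as an added example that is not from McAfee or the original article. The table name, chain names and log prefix are assumptions; only TCP port 5100 comes from the text above.

```nftables
# Added example: block and log outgoing Yahoo Messenger webcam traffic.
# Load with: nft -f ym-webcam-block.nft   (file name is an assumption)
# Remove again after the patched Messenger is deployed:
#   nft delete table inet ym_webcam_block

table inet ym_webcam_block {
    # Traffic from internal clients that is routed through this gateway.
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Log first so the source address of each client that attempts
        # a webcam session is recorded, then count and refuse the connection.
        # The TCP reset makes the client fail immediately instead of hanging.
        tcp dport 5100 log prefix "ym-webcam-5100 " counter reject with tcp reset
    }

    # Traffic that originates on this machine itself (workstation use).
    chain output {
        type filter hook output priority 0; policy accept;

        tcp dport 5100 log prefix "ym-webcam-5100 " counter reject with tcp reset
    }
}
```

The log entries show which internal hosts still attempt webcam sessions, and `nft list table inet ym_webcam_block` shows the per-rule counters.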
- More on the Yahoo! Messenger Webcam 0day..., blog entry in McAfee's security blog