In association with heise online

16 August 2007, 11:14

Zero-day vulnerability in Yahoo Messenger

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A security vulnerability in Yahoo Messenger allows attackers to inject malicious code into a user's computer. The zero-day vulnerability, reported in McAfee's security blog, can be exploited by attackers using specially crafted invitations to webcam sessions.

According to McAfee, the vulnerability stems from a heap based buffer overflow and affects Version of the Yahoo Messenger. The company gives no further details. The antivirus vendor has informed Yahoo about the vulnerability. Until an updated version of the Messenger is released, McAfee recommends rejecting webcam invitations from unknown senders. They also advise that, until the update is available, administrators should block outgoing traffic to TCP port 5100 in the firewall through which the Messenger conducts webcam sessions.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit