Loading ...
Sorry, an error occurred while loading the content.

Yet Another Yahoo Messenger Security Vulnerability

Expand Messages
  • macanfitheach
    MM, all! I know it s off-topic but I m just posting this as an FYI. I know some of you are probably using Yahoo s IM program and yet another security
    Message 1 of 1 , Jan 10, 2004
    • 0 Attachment
      MM, all!

      I know it's off-topic but I'm just posting this as an FYI. I know
      some of you are probably using Yahoo's IM program and yet another
      security vulnerability has been discovered in this product.

      This vulnerability may allow a remote user to execute arbitary
      code when the target user attempts to download a file; the code will
      run with the privileges of the target user.

      Possible solutions include:

      a. using an alternative IM product such as Trillian for
      messaging on the Yahoo IM service; or

      b. upgrading to Yahoo messenger version5.6.0.1358 or
      better (be advised that you will have to uninstall
      your current version of Yahoo messenger in order
      and reinstall the new version).

      Judging from the amount of security bulletins that this product
      generates, one would think they'd either start from scratch or hire
      some new coders - but it's Yahoo, so go figure... :-)

      Anyhoo, further info can be found at the URI below.

      BB! Cheers,

      Ted

      Ted Mac Daibhidh
      Vice President
      Whitehats.ca Information Systems Security
      Senior Intrusion Detection Specialist

      Phone: (613) xxx-xxxx
      Mobile: (613) xxx-xxxx
      E-mail: ubergeek(at)whitehats.ca
      URI: http://www.whitehats.ca/main/members/Ubergeek/

      SecurityTracker Security Advisory -
      Yahoo! Messenger Buffer Overflow Allows Remote Execution of Code:
      =================================================================
      http://www.securitytracker.com/alerts/2004/Jan/1008651.html
    Your message has been successfully submitted and would be delivered to recipients shortly.