Yet Another Yahoo Messenger Security Vulnerability
- MM, all!
I know it's off-topic but I'm just posting this as an FYI. I know
some of you are probably using Yahoo's IM program and yet another
security vulnerability has been discovered in this product.
This vulnerability may allow a remote user to execute arbitary
code when the target user attempts to download a file; the code will
run with the privileges of the target user.
Possible solutions include:
a. using an alternative IM product such as Trillian for
messaging on the Yahoo IM service; or
b. upgrading to Yahoo messenger version126.96.36.1998 or
better (be advised that you will have to uninstall
your current version of Yahoo messenger in order
and reinstall the new version).
Judging from the amount of security bulletins that this product
generates, one would think they'd either start from scratch or hire
some new coders - but it's Yahoo, so go figure... :-)
Anyhoo, further info can be found at the URI below.
Ted Mac Daibhidh
Whitehats.ca Information Systems Security
Senior Intrusion Detection Specialist
Phone: (613) xxx-xxxx
Mobile: (613) xxx-xxxx
SecurityTracker Security Advisory -
Yahoo! Messenger Buffer Overflow Allows Remote Execution of Code: