Site Network: | | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

Yahoo! Messenger - Remote hacker automatic control

Version: At least version 8.1
Technical Details:

Arbitrary remote code execution vulnerabilities affecting the ActiveX control associated with Yahoo! Messenger's support for webcams (ywcvwr.dll). Multiple derivatives of the vulnerabilities have been disclosed, complete with exploit code. Specifically, the vulnerabilities appear to be buffer overflows and can be triggered by the victim visiting a malicious web page. The ywcupl.dll is also vulnerable to remote code execution attacks.


Multiple vulnerabilities have been discovered and disclosed affecting the Yahoo! IM software for Windows. Specifically, the vulnerabilities affect the support for webcams from within Yahoo! Messenger. Using the exploits that have already been circulated, it is possible for an attacker to run software of their choice on a victim's system.


Update to the latest Yahoo! Messenger version. Advanced users and administrators may consider setting the killbit for the vulnerable ActiveX controls (clsid:DCE2F8B1-A520-11D4-8FD0-00D0B7730277), and (clsid:9D39223E-AE8E-11D4-8FD3-00D0B7730277)



Danny (server.exception < at >


External Tracking Data:

Not Yet Identified

Social bookmark this page