Buffer overflow condition in Yahoo! Messenger leading to denial of service (application crash) and potential arbitrary code execution (not proven) that is encountered when a victim loads a malicious address book entry and then hovers the mouse over the entry in Yahoo! Messenger.

Description:

A vulnerability allowing remote attackers to crash Yahoo! Messenger sessions was released earlier this week. Although the vulnerability is described the the discoverer as potentially leading to arbitrary code execution, there is no evidence at this stage beyond application crashes.

Mitigation:

Consider the use of an alternative IM application that supports the Yahoo! Messenger network protocol until Yahoo! are able to issue a patch to address this issue.

Updates:

Not Yet Available

Source:

http://www.xdisclose.com/advisory/XD100002.html

Exploits:

Not Yet Identified