Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

Yahoo! Messenger - Remote hacker automatic denial of service

Version: 8.1 and prior.
Technical Details:

Buffer overflow condition in Yahoo! Messenger leading to denial of service (application crash) and potential arbitrary code execution (not proven) that is encountered when a victim loads a malicious address book entry and then hovers the mouse over the entry in Yahoo! Messenger.

Description:

A vulnerability allowing remote attackers to crash Yahoo! Messenger sessions was released earlier this week. Although the vulnerability is described the the discoverer as potentially leading to arbitrary code execution, there is no evidence at this stage beyond application crashes.

Mitigation:

Consider the use of an alternative IM application that supports the Yahoo! Messenger network protocol until Yahoo! are able to issue a patch to address this issue.

Updates:

Not Yet Available

Source:

http://www.xdisclose.com/advisory/XD100002.html

Exploits:

External Tracking Data:

Not Yet Identified


Social bookmark this page