Site Network: | | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

Yahoo! Widgets - Remote hacker automatic control

Version: 4.0.3 and prior.
Technical Details:

Boundary error in the YDPCTL.dll ActiveX control leading to stack buffer overflow and execution of arbitrary code.


The ActiveX control used by Yahoo! Widgets has been found to be vulnerable to a memory error that can allow a remote attacker to take control over a vulnerable system.

As this vulnerability affects the ActiveX control used by the Yahoo! Widgets / Konfabulator engine, only the Windows version is affected.


Update to version 4.0.5 of the Yahoo! Widget / Konfabulator engine to avoid exploitation of this issue. Advanced users can disable the following CLSID for interim protection - 7EC7B6C5-25BD-4586-A641-D2ACBB6629DD




External Tracking Data:

Not Yet Identified

Social bookmark this page