Yahoo! Messenger - Remote hacker automatic control
Version: | At least version 8.1 |
Technical Details: | Boundary errors in the YVerInfo.dll ActiveX control can lead to arbitrary code execution, but the attack requires some access to a *.yahoo.com domain to be functional. Full exploit code has been released publicly on a number of sites. |
Description: |
Two vulnerabilities affecting Yahoo! Messenger, first reported late last week by iDefense, can allow an attacker to take control of a vulnerable system. Although the attacker can run code of their choice, the compromise is limited to the privilege level of the current user. Exploit code has since been publicly released for this issue. |
Mitigation: |
Update to the latest version available from Yahoo! (8.1.0.419). Alternatively, it is possible to set the killbit for the YVerInfo.dll ActiveX control in the Registry to gain protection against this issue. |
Updates: |
http://messenger.yahoo.com/security_update.php?id=082907 |
Source: |
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=591 |
Exploits: |
Multiple Sources |
External Tracking Data: | CVE-ID: CVE-2007-4515 |
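
The kill-bit option named under Mitigation, as an added example that is not part of the original advisory and not Yahoo!'s or iDefense's code. The CLSID is a placeholder because this page does not list the one for YVerInfo.dll; the registry path and the 0x400 "Compatibility Flags" bit are the standard Internet Explorer kill-bit mechanism.

```powershell
# Added example: report or set the IE kill bit for one ActiveX control.
param(
    # PLACEHOLDER: the advisory page does not list the YVerInfo.dll CLSID.
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',
    [switch]$Apply    # without -Apply the script only reports current state
)

$KillBit   = 0x400    # "Compatibility Flags" bit that blocks loading in IE
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view, read by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a CLSID in registry form: $Clsid"
}
if ($Clsid -match '^\{0{8}(-0{4}){3}-0{12}\}$') {
    throw 'Replace the placeholder CLSID with the real one first.'
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present
    $key = Join-Path $root $Clsid

    # Read existing flags so other compatibility bits are preserved.
    $current = 0
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $current = [int]$item.$ValueName }
    }

    if (($current -band $KillBit) -eq 0 -and $Apply) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
        $current = [int](Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    }

    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $current
        KillBitSet = ($current -band $KillBit) -ne 0
    }
}
```

Writing under HKLM requires an elevated session. The kill bit stops Internet Explorer from instantiating the control; it does not remove or patch YVerInfo.dll.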