Two Critical Vulnerabilities Hit Yahoo MessengerBest Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
What to Do If You Think ...
VoIP Security Tips : Pot...
Security Checklist by Cy...
Secure Webmail Tips and ...
What to Do If You're a V...
How Virus and Spyware Pr...
Norton Internet Security...
Top 5 Anti-Malware Prote...
How To Push The Anti-Spy...
How to Educate Against P...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Bugtraq: [SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities
2008/8/21 13:19:33
Bugtraq: [ MDVSA-2008:178 ] xine-lib
2008/8/21 11:36:17
Bugtraq: Null Byte Local file Inclusion in FAR - PHP Project version:1.0
2008/8/21 11:36:17
Bugtraq: [ MDVSA-2008:177 ] xine-lib
2008/8/21 11:36:17
Bugtraq: UPDATE: [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning
2008/8/21 11:36:17
Downloads
 0.Fx MPEG Suite
 1.Daniusoft Video to MP4 Converter
 2.iProtectYou
 3.Deep Ball Defender
 4.Amazing Parrots Screensaver
 5.FlashCam Rebroadcasting server
 6.MysqlDataBackupTool
 7.Photo-Paint 9 script converter
 8.Fast PDF converter
 9.Apex iPod Video Converter Home Edition
RSS / Atom Feeds
Windows Security : Two Critical Vulnerabilities Hit Yahoo Messenger
Posted by Max on 2007/6/7 14:59:16 (753 reads)
Windows Security

Two 'extremely critical' vulnerabilities have been exposed in Yahoo Messenger that could be exploited by malicious hackers to take over a system. The boundary errors have been confirmed in version 8.1.0.249 of the instant messaging software, but other versions may also be affected.

Both software bugs occur within the Yahoo Webcam functionalities of the IM application. The problems occur in the 'ywcupl.dll' file that handles the Webcam Upload, and the 'ywcvwr.dll' file which handles the Webcam Viewer.

Both ActiveX controls can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the Server property and then using the 'Send()' or 'Receive()' actions.

A successful execution of the exploits could allow arbitrary code to be run on the affected machine.

Security firm Secunia rated the flaws at its highest 'extremely critical' level, and said that the problems can be blocked by changing the kill-bit settings for the affected ActiveX controls.



Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.



 

HOME | NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | SECURITY BOOKS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Nov '07 | Dec '07 | Jan '08 | Feb '08 | Mar '08 | Apr '08 | May '08 | Jun '08 
Best Security Downloads offers 4000+ free and free to try security downloads