Email us! Subscribe to Liquidmatrix!

Yahoo! Messenger Buffer Overflow

Author: Dave Lewis
April 4, 2007 at 6:36 am · Filed under Vulnerability

From Secunia:

Description:
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a boundary error within the AudioConf ActiveX control (yacscom.dll) component of Yahoo! Messenger. This can be exploited to cause a stack-based buffer overflow by setting the “socksHostname” and “hostName” properties to an overly large string and then calling the “createAndJoinConference()” method.

Successful exploitation allows execution of arbitrary code when a user visits a malicious web site.

The vulnerability is reported in version 8.x. Other versions may also be affected.

Article Link

Tags: , ,

Tag It:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • Fark
  • YahooMyWeb
  • Furl
  • Spurl
  • Ma.gnolia
  • NewsVine
Related Articles:

  • Yahoo! Messenger Two ActiveX Controls Buffer Overflows
  • Yahoo Messenger Security Problems
  • Bugs O’ Plenty
  • WinDVD ActiveX Control Buffer Overflow
  • Snort Buffer Overflow

    • Leave a Comment