[AI] Yahoo Messenger Hole Found
dl.vikas at gmail.com
Thu Aug 16 09:55:18 EDT 2007
Yahoo Messenger Hole Found
A vulnerability in Yahoo's IM program could allow an intruder's code to run on a PC.
Jeremy Kirk, IDG News Service
gram can potentially cause unwanted code to run on a PC, according to security researchers.
Details of the vulnerability were first posted on a
Chinese-language security forum
and was later confirmed with Yahoo security officials, wrote
, a researcher with
's Avert lab in
on a company blog.
So far, no exploit code has been published,
, also of McAfee.
The vulnerability affects
version 18.104.22.1683. It is triggered when a user accepts an invitation to use their Web camera. The type of vulnerability is called a heap overflow, where
a piece of code can be executed with improper permissions, which can allow for further malicious behavior such as downloading other code, said
, a security analyst for McAfee in the
McAfee is advising that people reject Web camera invitations until Yahoo issues a patch. Users can also block outgoing traffic on TCP port 5100, which is
affiliated with program's operation, Day said.
Yahoo could not be immediately reached for comment.
MSN Id:dl_vikas at hotmail.com, Yahoo+Skype Id: dl_vikas,
Mobile: (+91) 9891098137.
More information about the AccessIndia