Emergency Update for Yahoo! Messenger


Yahoo! Messenger logoSecunia reported 2 security advisories yesterday regarding vulnerable components (DLL) in the Yahoo! Messenger instant messaging program. Secunia rated these vulnerabilities as extremely critical. In response, Yahoo! has released an emergency patch today.

Description

  1. A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Send()” method.
  2. A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Receive()” method.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are confirmed in version 8.1.0.249. Other versions may also be affected.

Solution

Update to the latest version.

Yahoo! Messenger update module

Current Version: 8.1.0.401
Yahoo! Messenger Download Page

Related Posts

  • No related posts.

This entry was posted on Saturday, June 9th, 2007 at 10:17 and is filed under Software. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

9 Responses to “Emergency Update for Yahoo! Messenger”

  1. Pinoy Bloggers Updates » Blog Archive » Emergency Update for Yahoo! Messenger Says:
    June 9th, 2007 at 10:31

    [...] Read more… [...]

  2. Shopautodotca Seocontest Says:
    June 9th, 2007 at 12:33

    wow thanks alot i use yahoo alot didnt even know this..

  3. Syaf The Geek Says:
    June 9th, 2007 at 17:26

    I’ve updated it and it seems that IM is getting a lot of security flaws nowadays

  4. Gabby Says:
    June 10th, 2007 at 0:19

    I haven’t used YM for a while, but yeah, IM’s are getting more and more vulnerable nowadays. I don’t know if sites like meebo minimize the risks, but it’s a good thing that they’re there.

  5. Mac @ Motorcycle Fairing Says:
    September 17th, 2008 at 2:00

    yeah, we use yahoo messenger a lot and the last thing they should do is to send a private message to all users to alert them of this danger caused by themselves. lol.

  6. Outdoor Furniture Says:
    September 18th, 2008 at 21:50

    Right, Yahoo seem to be just concern about the position in the market regarding Google but he doesn’t care of his users.

  7. Honda Fairings Says:
    September 22nd, 2008 at 22:49

    I’ve been using the messenger for almost a year and I didn’t know I was putting at risk my computer. Yahoo, that is not working to keep your users, think about it.

  8. Marc Jacobs Sunglasses Says:
    October 3rd, 2008 at 5:20

    Uhm sorry but I don’t use YM cos’ MSN is way better than this.

  9. El Chiflon Says:
    October 7th, 2008 at 14:08

    I’ve been using Yahoo Messenger for almost forever and i haven’t actually tried any other. Thank you for this information. Appreciate it.

    -M from Mexico