The buffer overrun vulnerability was discovered by a researcher in a file named "yauto.dll," which is an ActiveX component of Yahoo Messenger software versions up to 5.6.0.1347, according to a security alert released. Accepting webcam invites from unknown users on Yahoo! Messenger Webcam could allow hackers to gain remote access of your computer. The company was notified via e-mail about the hole one month ago, but did not respond.
Yahoo issued a statement saying that the company is working to verify the report and develop a patch for Messenger. "Yahoo takes security very seriously and employs rigorous and aggressive measures to help protect our users," the statement says.
Yahoo Messenger allows users to instantaneously communicate with each other over the Internet using text messages. It also lets users send files or links to Web pages. Instant messaging applications such as Yahoo Messenger, Microsoft's MSN Messenger, and America Online's AOL Instant Messenger are increasingly used at companies to let workers communicate with each other over corporate LANs.
Attackers could trigger a buffer overrun on machines running Yahoo Messenger by sending a long stream of data in the form of a Web page URL to a vulnerable function within yauto.dll, crashing the application or allowing the attacker to place his or her own malicious code on the machine. In buffer overflow attacks, hackers use flaws in a software program's underlying code to overwrite areas of the computer's memory, replacing legitimate computer instructions with bad data or other instructions.
To launch an attack, hackers could set up a Web page, then lure Yahoo Messenger users into visiting the site and clicking on a link that triggers the buffer overrun and runs the attack code.
Yahoo Messenger users running vulnerable versions of the program were advised to remove yauto.dll from their computer hard drive. Users should also consider modifying their Web browser configuration to prevent ActiveX controls and Active Scripting from running, except on approved Web sites.
Yahoo Messenger allows users to instantaneously communicate with each other over the Internet using text messages. It also lets users send files or links to Web pages. Instant messaging applications such as Yahoo Messenger, Microsoft's MSN Messenger, and America Online's AOL Instant Messenger are increasingly used at companies to let workers communicate with each other over corporate LANs.
Attackers could trigger a buffer overrun on machines running Yahoo Messenger by sending a long stream of data in the form of a Web page URL to a vulnerable function within yauto.dll, crashing the application or allowing the attacker to place his or her own malicious code on the machine. In buffer overflow attacks, hackers use flaws in a software program's underlying code to overwrite areas of the computer's memory, replacing legitimate computer instructions with bad data or other instructions.
To launch an attack, hackers could set up a Web page, then lure Yahoo Messenger users into visiting the site and clicking on a link that triggers the buffer overrun and runs the attack code.
Yahoo Messenger users running vulnerable versions of the program were advised to remove yauto.dll from their computer hard drive. Users should also consider modifying their Web browser configuration to prevent ActiveX controls and Active Scripting from running, except on approved Web sites.
