December 5, 2003
Yahoo this week released a security fix for Yahoo Messenger in response to a report that attacks might take advantage of a buffer overflow vulnerability in the popular instant messaging client.
Earlier this week, Danish security firm Secunia issued an advisory noting the vulnerability, which in a worst-case scenario could be used by hackers enticing surfers to a malicious Web site to run code on a compromised machine.
The vulnerability is due to a flaw in the ActiveX component yauto.dll used by Yahoo Messenger. The problem, said Secunia's alert, affects versions 188.8.131.527 and earlier.
According to Yahoo, the vulnerability could affect only those users who have changed the security settings of Internet Explorer from the default medium to the low option. Yahoo recommended that users install the most recent version of Internet Explorer and, if they've changed security settings for the browser, return them to the default setting.
Yahoo said it wasn't aware of any active exploits of the bug, but nonetheless posted a patch for Yahoo Messenger. The fix is available for downloading from the company's Web site.