ActiveX vulnerability in Yahoo Messenger

Posted by Jeff Jeff is offline

on 02-04-2008, 11:25 PM

Security analysts are warning that Yahoo! Messenger is vulnerable to ActiveX attacks similar to those recently reported in the image uploading tools for Facebook and MySpace.

Elazar Broad discovered a Boundary Condition vulnerability within mediagrid.dll, version 2.2.2.56, and Krystian Kloskowski and Broad have discovered a second Boundary Condition vulnerability within datagrid.dll, version 2.2.2.56c. On top of that, Kloskowski has disclosed a buffer overflow within datagrid.dll 2.2.2.56.

These three vulnerabilities are found in Yahoo Instant Messenger 3.5 and Yahoo Messenger 4.0, 5.0 and 5.5, and could allow an attacker to compromise affected systems.

The simple solution is to use a web-based messenger or upgrade to the current version of Yahoo! Messenger. If you're determined to stick with an old, buggy version, there is a workaround. You can enable the ActiveX controls for the dlls in question (details from Microsoft here).

View Comments Show Printable Version Email this Page

Comments

« Previous Topic | Next Topic »

Currently Active Users Viewing This Topic: 1 (0 members and 1 guests)

Topic Tools
Show Printable Version Email this Page

Similar Topics
Topic	Replies	Last Post
How Yahoo booters REALLY work.	45	07-30-2008 08:50 PM
Connectivity error and common error solutions	6	01-01-2006 02:03 PM
Yahoo! Messenger Plus 1.7CT for US, UK, and more	48	09-27-2005 01:00 PM
Yahoo! Announces Yahoo! 360 Service	3	08-09-2005 12:23 AM
ActiveX and Yahoo Messenger	2	04-01-2005 08:09 AM

News Categories

Latest News

News Feeds

ActiveX vulnerability in Yahoo Messenger

Comments

Forums

Latest IM News

Recommended Links