Subscribe: Subscribe to BigBlueBallRSSSubscribe to BigBlueBall by emailEmailSubscribe to BigBlueBallTwitter


Go Back   BigBlueBall Forums > Site News & Announcements > Instant Messaging News > Yahoo! Messenger News
Forgot Password? Register
Connect with Facebook

Reply
 
LinkBack Topic Tools
  #1 (permalink)  
Old 02-04-2008, 11:25 PM
Jeff's Avatar
Administrator
 

Join Date: Mar 2001
Location: San Clemente, CA, USA
Posts: 9,075
Jeff has left a lasting impression (500)Jeff has left a lasting impression (500)Jeff has left a lasting impression (500)Jeff has left a lasting impression (500)Jeff has left a lasting impression (500)Jeff has left a lasting impression (500)Jeff has left a lasting impression (500)
Send a message via ICQ to Jeff Send a message via AIM to Jeff Send a message via MSN to Jeff Send a message via Yahoo to Jeff Send a message via Skype™ to Jeff
ActiveX vulnerability in Yahoo Messenger

Security analysts are warning that Yahoo! Messenger is vulnerable to ActiveX attacks similar to those recently reported in the image uploading tools for Facebook and MySpace.

Elazar Broad discovered a Boundary Condition vulnerability within mediagrid.dll, version 2.2.2.56, and Krystian Kloskowski and Broad have discovered a second Boundary Condition vulnerability within datagrid.dll, version 2.2.2.56c. On top of that, Kloskowski has disclosed a buffer overflow within datagrid.dll 2.2.2.56.

These three vulnerabilities are found in Yahoo Instant Messenger 3.5 and Yahoo Messenger 4.0, 5.0 and 5.5, and could allow an attacker to compromise affected systems.

The simple solution is to use a web-based messenger or upgrade to the current version of Yahoo! Messenger. If you're determined to stick with an old, buggy version, there is a workaround. You can enable the ActiveX controls for the dlls in question (details from Microsoft here).
Attached Images
 
Reply With Quote
 

 
Reply


Currently Active Users Viewing This Topic: 1 (0 members and 1 guests)
 
Topic Tools


Similar Topics
Topic Topic Starter Forum Replies Last Post
How Yahoo booters *REALLY* work. cjdelphi Yahoo! Messenger Support 45 07-30-2008 08:50 PM
Connectivity error and common error solutions Sjoerd Windows Live Messenger Support 6 01-01-2006 02:03 PM
Yahoo! Messenger Plus 1.7CT for US, UK, and more oliezekat Yahoo! Messenger Support 48 09-27-2005 01:00 PM
Yahoo! Announces Yahoo! 360 Service Jeff Yahoo! Messenger News 3 08-09-2005 12:23 AM
ActiveX and Yahoo Messenger smileycam Yahoo! Messenger Support 2 04-01-2005 08:09 AM

 

All times are GMT -5. The time now is 10:07 PM.