Yahoo Messenger vulnerability identified
3 December 2003
Some systems are at risk from a vulnerability that has been identified in Yahoo! Messenger.
The problem is caused by a boundary error in the ActiveX component 'yauto.dlll' in the Open() function.
This can be exploited to precipitate a buffer overflow by supplying what securia.com describes as 'an overly long argument' to the at-risk function via a malicious web page.
This could be used to allow a malicious website to execute arbitrary code on a user's system.
The removal of the vulnerable ActiveX component is advised, with Securia advising that running of ActiveX controls and Active Scripting support be disabled and only permitted on a site-per-site basis.
Apply for your free web assessment - get a complete health check and optimisation action plan from Weboptimiser, the experts.
Related news
|
|
Leading brand search engine marketing since 1996
Founded in 1996 as an SEO company, Weboptimiser is today one of the Internet marketing sector's best-known and most respected search engine optimisation (SEO) and pay per click (PPC) search engine marketing companies.
With a unique portfolio of brand-friendly services, including usability, contextual advertising and web analytics, a pioneering methodology that covers all 4 stages of interaction between a web site and its visitors, we make our clients sites faster, smarter, busier and more profitable.
