Critical Bugs Discovered In Yahoo Messenger

Yahoo is working on a patch for critical Yahoo Messenger vulnerabilities that could enable a remote hacker to take control of a user's system. eEye Digital Security's researchers found the bugs within the last few weeks and reported them to Yahoo on Wednesday, according to Marc Maiffret, co-founder and CTO of the security company. eEye's researchers say there actually are multiple flaws in Version 8 of Yahoo's instant messenger client software. Maiffret was careful not to give out too much information about the flaw until Yahoo can issue a patch for it.

"We recently learned of a buffer overflow security issue in an ActiveX control. This control is part of the code for Web cam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly. This type of flaw is not going to be prevented by anti-virus. There's no real protection for this type of flaw," said Yahoo spokeswoman Terrell Karlsten. For the vulnerability to cause a problem, however, the user needs to take some kind of action.

News source: InformationWeek


13 Comments


Haha... that's just too bad... I've never been a Yahoo fan... so I won't have a problem then... I just use my Pidgin and new Live Messenger 8.5 beta, which is a dream... combined with A-Patch makes it great

You mean people actually use this? :redface:

Most of these IM programs are nothing but bloated garbage. Wouldn't use one in a million years, especially Yahoo's or MSN's.

You want the best protection? Don't use it!!

You've never used Yahoo's then because it's nowhere near bloated.

There's an ad on the bottom of it. Yeah that's a lot of bloat there. /sarcasm

While I currently use Adium, it's primarily to chat with my friends on the Windows Live! network. For their original, Windows-based clients, I usually prescribe the A-Patch. This makes it really easy to remove the crap from Windows Live! or MSN Messenger. No ads, no billing menus, no backgrounds, packs or winks. Just a clean, concise messaging client. Turn tabs and 'today' off in the options menu, and you're left with a VERY nice instant-messaging client.

Although I hear in the US, everyone uses AIM.

That's hardly "protection" from the flaw now, is it! And there's probably bugs in the Mac and Linux versions too.

Possibly (probably?) so, but this particular flaw does not affect those versions. I was just pointing out that their statement wasn't entirely true.

"There's no real protection for this type of flaw"

Well since the bug is in an ActiveX control, there is one form of protection: use the Mac or Linux version of Yahoo Messenger!

Bugs? No kidding? Yahoo Messenger has been crappy since it was released. Every year, I tell myself, "Maybe they've improved?" but no, not at all. New look, new functions, but always the same when it comes to working.