Yahoo Posts Exploit Fix for Messenger Flaws

Exploit code is out for critical Yahoo Messenger flaws found by eEye Digital Security earlier this week. Both of the flaws, which allow for system hijacking, are boundary errors in two ActiveX controls in Yahoo Messenger's Webcam Upload and Webcam Viewer.

Security researchers say that they expect attacks using the flaws to arrive soon. That makes prompt patching critical. Yahoo has an update available, Version 8.1.0.401, to fix the vulnerability, posted at messenger.yahoo.com. The company provided this statement on the issue:

"The Yahoo Messenger team recently learned of a buffer overflow security issue in an ActiveX control. Upon learning of this issue, we began working towards a resolution and implemented a fix to Yahoo Messenger's software download. We are encouraging all Yahoo Messenger users to download the latest version (8.1.0.401) available at messenger.yahoo.com."

View: The full story
News source: eWeek

Report a problem with article
Previous Story

AMD begins shipping Radeon HD 2400 and 2600

Next Story

One billion PCs worldwide by end of 2008

4 Comments

Commenting is disabled on this article.

^YahElite is not as secure as they make it sound.

Best thing to do is just not go into their chat. Their chat is a joke anymore anyway. 50 people can be in a room and 35 are porn/spam bots, 10 are booter bots and the 5 left are usually idiotic guys thinking the bots are real women wanting them to view their cams I haven't been in a Yahoo chat room in about 2 years. Yahoo needs to fix the bot issue if they want people to stay in their chat anymore or jsut get rid of their chat completely.

It does not matter what they do with this app it still has exploits.

I prefer YahElite myself if I ever use a yahoo chat room.