hackfix-virusnews: Yahoo! Messenger! multiple! vulns! (interesting articles)
- From: "Christy" <snowz@xxxxxxxxxx>
- To: hackfix-virusnews@xxxxxxxxxxxxx
- Date: Wed, 29 May 2002 02:12:37 -0400
Yahoo! Messenger! multiple! vulns!
By Thomas C Greene in Washington
Posted: 28/05/2002 at 09:08 GMT
There are two new Yahoo Instant Messenger (YIM)
vulnerabilities which can potentially compromise a
user's machine, Vietnamese researcher Phuong Nguyen
has discovered. Yahoo! has been notified and a fixed
version is available for download here.
First up, an unchecked buffer which enables any URL
beginning with 'ymsgr:' to call ypager.exe, crash it
and run malicious code if the messenger is integrated
with the browser. All that's needed is 268 bytes to
overflow the buffer, and exploit code can be loaded
with the user's level of privilege. The 'call',
'sendim', 'getimv', 'chat', 'addview' and 'addfriend'
function calls can be exploited, Nguyen says.
Read more here:
http://www.theregister.co.uk/content/55/25466.html
Other references:
http://nl2.vnunet.com/News/1132167
http://news.com.com/2100-1023-923638.html
http://zdnet.com.com/2100-1105-923683.html
=A9 2002, Situation Publishing. All rights reserved..
Partial Article Reposted with Permission.
~*~*~*~*~
To unsubscribe from our list send an email
to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe.
For a complete list of email commands for our list send
an email to ecartis@xxxxxxxxxxxxx with a subject line of
"info hackfix-virusnews" without the quotes.
~*~*~*~*~
Other related posts:
- » hackfix-virusnews: Yahoo! Messenger! multiple! vulns! (interesting articles)
