SECUR> Secruity - Yahoo Instant Messanger

• From: Gleason Sackmann <gleason@xxxxxxxxxxxxxxx>
• To: NetHappenings <nethappenings@xxxxxxxxxxxxx>
• Date: Tue, 09 Dec 2003 09:45:00 -0600

**************************************************************
Net Happenings - From Educational CyberPlayGround
**************************************************************

Yahoo Instant Messenger has security flaw

Secunia has released a "highly critical" advisory regarding yauto.dll, an
ActiveX component in Yahoo Instant Messenger, which could allow an attacker
to execute arbitrary code on a target computer. The flaw is a classic
buffer overrun, exploited by sending and overly long URL (uniform resource
locator) to a faulty yauto.dll function, either crashing the application or
inserting malicious code. An attacker could set up a website and entice
Yahoo Messenger users to click a link, triggering the overflow. Users can
protect themselves by removing yauto.dll from the hard drive, or setting
their browsers not to run ActiveX or Active Scripting.

http://www.computerweekly.com/articles/article.asp?liArticleID=127018&liArticleT
ypeID=1&liCategoryID=6&liChannelID=22&liFlavourID=1&sSearch=&nPage=1


Karen Ellis

<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND 
http://www.edu-cyberpg.com

VENDORS REACH THE EDUCATION MARKET
FREE EDUCATION VENDOR DIRECTORY LISTING
Find PREMIUM & FEATURED MERCHANT LISTING ALSO 
http://www.edu-cyberpg.com/Directory/default.asp

HOT LIST OF SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/default.asp

SERVICES
http://www.edu-cyberpg.com/PS/Home_Products.html

Net Happenings,K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/index.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription