Exploit Code Out For Yahoo IM Flaws

United States
June 8, 2007 2:08pm CST
Code for two exploits in Yahoo Messenger first disclosed earlier this week by security firm eEye appeared on the Full Disclosure mailing list on Thursday. At the current time, the only fix is to set the 'kill bits' in the ActiveX controls responsible for the vulnerabilities, although it requires a system registry edit. Yahoo says it is working on a fix for both issues. The first set of code takes advantage of buffer overflow issues within the Webcam ActiveX component, while the other causes a buffer overflow in the ywcvwr.dll viewer. The issues affect both Yahoo Messenger 8.0 and 8.1 running on Windows. Note: This is an update to a news report I posted here on mylot a day or so ago. Basically I would advise people not to use their webcams on Yahoo messenger until these problems get fixed. If you want to use your webcam use MSN/Live Messenger.
3 people like this
5 responses
meme0907
@meme0907 (3481)
• United States
10 Jun 07
Hey CR619, I know this is gonna make sound like a dufus but does that mean spying ppl can read our IM's & see our web cams? Thanks for keeping us informed. +'s 2 U :D
1 person likes this
billabadmash
@billabadmash (1011)
• Pakistan
9 Jun 07
Hello thanks for the Information buddy. You said not to use your web cam does that means one can view my web cam without my permissions or what i mean i want to know the exact problem and also if you can provide me the link where you got this information.
1 person likes this
gberlin
@gberlin (3836)
8 Jun 07
Thanks Chris on the updates. I can count on you to keep me informed.
1 person likes this
Lydia1901
@Lydia1901 (16351)
• United States
14 Jun 07
Well, I did not hear this news, I have not been chatting much lately. That sounds very serious. Thanks for sharing that.
aprilgrl
@aprilgrl (4460)
• United States
9 Jun 07
Thanks for the info.
1 person likes this