Yahoo! Messenger Filename Buffer Overflow Vulnerability

Secunia Advisory: SA10573
Release Date: 2004-01-08
Popularity: 11,361 views
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Yahoo! Messenger 5.x

Description: Tri Huynh has reported a vulnerability in Yahoo! Messenger, allowing malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the handling of the filename parameter. An overly long, maliciously crafted filename causes a buffer overflow, which potentially allows execution of arbitrary code with the privileges of the current user.
The vulnerability has been reported in version 5.6.0.1351 and prior.
Solution: The vendor has reportedly fixed the vulnerability silently in version 5.6.0.1358.
NOTE: It is necessary to manually delete any old version and install version 5.6.0.1358, because no update function is available.
Provided and/or discovered by: Tri Huynh, SentryUnion.
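
Because the fix requires manually replacing the client, the version boundaries above can be applied to a software inventory to find hosts that still need the reinstall. The following is an added example, not part of the Secunia advisory or vendor tooling; the "host,version" inventory format, the host names and the status labels are assumptions made for illustration.

```python
import re

# Version boundaries taken from the advisory text.
LAST_REPORTED_VULNERABLE = (5, 6, 0, 1351)
FIRST_FIXED = (5, 6, 0, 1358)

# Require all four components: a truncated version cannot be compared safely.
_VERSION_RE = re.compile(r"\d+(?:\.\d+){3}")

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints, or return None if malformed."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'affected', 'fixed', 'unconfirmed' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    if version <= LAST_REPORTED_VULNERABLE:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # Builds between the two boundaries are not covered by the advisory.
    return "unconfirmed"

def triage(inventory_lines):
    """Return {host: status} for 'host,version' lines; skip blanks and comments."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = [
    "# host,version",
    "ws-01,5.6.0.1351",
    "ws-02,5.6.0.1358",
    "ws-03,5.6.0.1355",
    "ws-04,5.6",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unconfirmed" or "unparseable" should be checked by hand, since the advisory only states the last reported vulnerable build and the first fixed build.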

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.