|
Yahoo! Chat and Messenger Hostname Buffer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA8924
|
|
|
Release Date:
|
2003-06-03
|
|
Popularity:
|
9,772 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Yahoo! Chat
Yahoo! Messenger 5.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability has been identified in Yahoo! Chat and Messenger, which allows malicious people to cause a buffer overflow.
The problem is that the hostname parameter isn't verified properly in the Yahoo! Audio Conferencing ActiveX control. A hostname longer than 500 characters will cause the ActiveX control to crash when the "createandjoinconference" method is called.
If the hostname has been crafted in a malicious way, it could cause arbitrary code to be executed on the system.
The Yahoo! Audio Conferencing ActiveX control is marked as safe in Internet Explorer, thus the user will receive no warnings before the ActiveX control is launched.
Solution:
Updated versions are available from Yahoo!:
http://help.yahoo.com/help/us/mesg/use/use-45.html
Provided and/or discovered by:
Cesar Cerrudo
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
